From: Michael Vogt <mvo@debian.org>
Date: Wed, 18 Jun 2014 08:47:19 +0000 (+0200)
Subject: Merge remote-tracking branch 'mvo/feature/drop-rights' into debian/experimental
X-Git-Tag: 1.1.exp1~12
X-Git-Url: https://git.saurik.com/apt.git/commitdiff_plain/17091f2f33de16c2dae501e7868f7aec4fc3452f

Merge remote-tracking branch 'mvo/feature/drop-rights' into debian/experimental

Conflicts:
	apt-pkg/contrib/fileutl.cc
	apt-pkg/contrib/fileutl.h
---

17091f2f33de16c2dae501e7868f7aec4fc3452f
diff --cc apt-pkg/contrib/fileutl.cc
index 29450ada0,da81edbcc..6b8f04dea
--- a/apt-pkg/contrib/fileutl.cc
+++ b/apt-pkg/contrib/fileutl.cc
@@@ -2112,57 -2052,18 +2113,74 @@@ bool Rename(std::string From, std::stri
     return true;
  }
  
 +bool Popen(const char* Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode)
 +{
 +   int fd;
 +   if (Mode != FileFd::ReadOnly && Mode != FileFd::WriteOnly)
 +      return _error->Error("Popen supports ReadOnly (x)or WriteOnly mode only");
 +
 +   int Pipe[2] = {-1, -1};
 +   if(pipe(Pipe) != 0)
 +   {
 +      return _error->Errno("pipe", _("Failed to create subprocess IPC"));
 +      return NULL;
 +   }
 +   std::set<int> keep_fds;
 +   keep_fds.insert(Pipe[0]);
 +   keep_fds.insert(Pipe[1]);
 +   Child = ExecFork(keep_fds);
 +   if(Child < 0)
 +      return _error->Errno("fork", "Failed to fork");
 +   if(Child == 0)
 +   {
 +      if(Mode == FileFd::ReadOnly)
 +      {
 +         close(Pipe[0]);
 +         fd = Pipe[1];
 +      }
 +      else if(Mode == FileFd::WriteOnly)
 +      {
 +         close(Pipe[1]);
 +         fd = Pipe[0];
 +      }
 +
 +      if(Mode == FileFd::ReadOnly)
 +      {
 +         dup2(fd, 1);
 +         dup2(fd, 2);
 +      } else if(Mode == FileFd::WriteOnly)
 +         dup2(fd, 0);
 +
 +      execv(Args[0], (char**)Args);
 +      _exit(100);
 +   }
 +   if(Mode == FileFd::ReadOnly)
 +   {
 +      close(Pipe[1]);
 +      fd = Pipe[0];
 +   } else if(Mode == FileFd::WriteOnly)
 +   {
 +      close(Pipe[0]);
 +      fd = Pipe[1];
 +   }
 +   Fd.OpenDescriptor(fd, Mode, FileFd::None, true);
 +
 +   return true;
 +}
++
+ bool DropPrivs()
+ {
+    if (getuid() != 0)
+       return true;
+ 
+    const std::string nobody = _config->Find("APT::User::Nobody", "nobody");
+    struct passwd *pw = getpwnam(nobody.c_str());
+    if (pw == NULL)
+       return _error->Warning("No user %s, can not drop rights", nobody.c_str());
+    if (setgid(pw->pw_gid) != 0)
+       return _error->Errno("setgid", "Failed to setgid");
+    if (setuid(pw->pw_uid) != 0)
+       return _error->Errno("setuid", "Failed to setuid");
++
+    return true;
+ }
diff --cc apt-pkg/contrib/fileutl.h
index 0b4d94885,683c04157..e04f75e2a
--- a/apt-pkg/contrib/fileutl.h
+++ b/apt-pkg/contrib/fileutl.h
@@@ -193,9 -191,9 +193,13 @@@ pid_t ExecFork(std::set<int> keep_fds)
  void MergeKeepFdsFromConfiguration(std::set<int> &keep_fds);
  bool ExecWait(pid_t Pid,const char *Name,bool Reap = false);
  
++
 +// check if the given file starts with a PGP cleartext signature
 +bool StartsWithGPGClearTextSignature(std::string const &FileName);
 +
+ // process releated
+ bool DropPrivs();
+ 
  // File string manipulators
  std::string flNotDir(std::string File);
  std::string flNotFile(std::string File);