From 0940230dd6710ff5b555bed8be3d75ae0d150a08 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 9 Oct 2015 22:25:13 +0200 Subject: [PATCH] drop privileges in file:// method as we do for decompressors We drop it in decompressors, which are the natural next step, so if an archive is used which isn't worldreadable (= not accessible by _apt) it doesn't work anyway, so we just fail a bit earlier now and avoid all the bad things which can happen over file (which could very well still be a network resourc via NFS mounts or similar stuff, so hardly as safe as the name might suggest at first). --- methods/file.cc | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/methods/file.cc b/methods/file.cc index 40e85bce5..b689de619 100644 --- a/methods/file.cc +++ b/methods/file.cc @@ -31,11 +31,21 @@ class FileMethod : public pkgAcqMethod { virtual bool Fetch(FetchItem *Itm) APT_OVERRIDE; - + virtual bool Configuration(std::string Message) APT_OVERRIDE; + public: - + FileMethod() : pkgAcqMethod("1.0",SingleInstance | SendConfig | LocalOnly) {}; }; +bool FileMethod::Configuration(std::string Message) +{ + if (pkgAcqMethod::Configuration(Message) == false) + return false; + + DropPrivsOrDie(); + + return true; +} // FileMethod::Fetch - Fetch a file /*{{{*/ // --------------------------------------------------------------------- -- 2.45.2