Просмотр исходного кода

drop privileges in file:// method as we do for decompressors

We drop it in decompressors, which are the natural next step, so if an
archive is used which isn't worldreadable (= not accessible by _apt) it
doesn't work anyway, so we just fail a bit earlier now and avoid all the
bad things which can happen over file (which could very well still be a
network resourc via NFS mounts or similar stuff, so hardly as safe as
the name might suggest at first).
David Kalnischkies лет назад: 10
Родитель
Сommit
0940230dd6
1 измененных файлов с 12 добавлено и 2 удалено
  1. 12 2
      methods/file.cc

+ 12 - 2
methods/file.cc

@@ -31,11 +31,21 @@
 class FileMethod : public pkgAcqMethod
 {
    virtual bool Fetch(FetchItem *Itm) APT_OVERRIDE;
-   
+   virtual bool Configuration(std::string Message) APT_OVERRIDE;
+
    public:
-   
+
    FileMethod() : pkgAcqMethod("1.0",SingleInstance | SendConfig | LocalOnly) {};
 };
+bool FileMethod::Configuration(std::string Message)
+{
+   if (pkgAcqMethod::Configuration(Message) == false)
+      return false;
+
+   DropPrivsOrDie();
+
+   return true;
+}
 
 // FileMethod::Fetch - Fetch a file					/*{{{*/
 // ---------------------------------------------------------------------