summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2018-01-05 23:47:45 +0100
committerDavid Kalnischkies <david@kalnischkies.de>2018-02-19 15:56:09 +0100
commitd90eb8132961aa481b94e63246a0ed23fc36d182 (patch)
treeb7bedb928d7cc5578ad2dbb2543f97cd7fec9e53
parent887e331abb6ac0a850e5d53de55f43c9ebdee5a2 (diff)
downloadapt-d90eb8132961aa481b94e63246a0ed23fc36d182.tar.gz
use a more standard approach to disable security for cdrom method
It is sad that we can't wrap the cdrom method tighter at the moment, but due to its ability to mount drives into arbitrary places via an external suid binary we can't really do a lot better at the moment. What we can do is set the options in the configuration space through as it is standard in the other methods instead of doing it in main() which is assumed to be more boilerplatey than actually doing something. Gbp-Dch: Ignore
-rw-r--r--methods/cdrom.cc10
1 files changed, 8 insertions, 2 deletions
diff --git a/methods/cdrom.cc b/methods/cdrom.cc
index 8b7587fe5..3900e3e64 100644
--- a/methods/cdrom.cc
+++ b/methods/cdrom.cc
@@ -46,7 +46,8 @@ class CDROMMethod : public aptMethod
virtual bool Fetch(FetchItem *Itm) APT_OVERRIDE;
string GetID(string Name);
virtual void Exit() APT_OVERRIDE;
-
+ virtual bool Configuration(std::string Message) APT_OVERRIDE;
+
public:
CDROMMethod();
@@ -277,9 +278,14 @@ bool CDROMMethod::Fetch(FetchItem *Itm)
return true;
}
/*}}}*/
+bool CDROMMethod::Configuration(std::string Message) /*{{{*/
+{
+ _config->CndSet("Binary::cdrom::Debug::NoDropPrivs", true);
+ return aptMethod::Configuration(Message);
+}
+ /*}}}*/
int main()
{
- _config->CndSet("Binary::cdrom::Debug::NoDropPrivs", true);
return CDROMMethod().Run();
}