authorDavid Kalnischkies <david@kalnischkies.de>2015-09-07 19:32:31 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2015-09-14 15:22:18 +0200
commit92b2e38dd1334d7f7a30358124c4fad766ca4666 (patch)
tree24f6020cf5a91a72ea4665e488388f23bac595ab /cmdline
parente977b8b9234ac5db32f2f0ad7e183139b988340d (diff)
downloadapt-92b2e38dd1334d7f7a30358124c4fad766ca4666.tar.gz
fix insecure use of /tmp in EDSP solver 'dump'
As said in the bugreport, this is hardly a serious problem on a security front, but it was always on the list to have the filename configurable somehow and the stable filename is a problem for parallel executions. Using an environment variable (APT_EDSP_DUMP_FILENAME) for this is more or less the best we can do here as solvers do not get told about our configuration and such. Closes: 795600
Diffstat (limited to 'cmdline')
-rw-r--r--cmdline/apt-dump-solver.cc41
1 files changed, 29 insertions, 12 deletions
diff --git a/cmdline/apt-dump-solver.cc b/cmdline/apt-dump-solver.cc
index 4729eac55..2e352931f 100644
--- a/cmdline/apt-dump-solver.cc
+++ b/cmdline/apt-dump-solver.cc
@@ -13,6 +13,7 @@
#include <unistd.h>
#include <cstdio>
#include <iostream>
+#include <sstream>
#include <config.h>
/*}}}*/
@@ -23,10 +24,11 @@
static bool ShowHelp() {
ioprintf(std::cout, "%s %s (%s)\n", PACKAGE, PACKAGE_VERSION, COMMON_ARCH);
std::cout <<
- "Usage: apt-dump-resolver\n"
+ "Usage: apt-dump-solver\n"
"\n"
- "apt-dump-resolver is a dummy solver who just dumps its input to the\n"
- "file /tmp/dump.edsp and exists with a proper EDSP error.\n"
+ "apt-dump-solver is a dummy solver who just dumps its input to the\n"
+ "file specified in the environment variable APT_EDSP_DUMP_FILENAME and\n"
+ "exists with a proper EDSP error.\n"
"\n"
" This dump has lost Super Cow Powers.\n";
return true;
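Review bot: The new help line `"exists with a proper EDSP error.\n"` carries over the old typo and should read `"exits with a proper EDSP error.\n"`. The text also does not say that a file already present at the APT_EDSP_DUMP_FILENAME path is removed before the dump is written (the `unlink(filename)` in main()), which matters to anyone pointing the variable at an existing file. The closing brace of ShowHelp() is outside this hunk.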
@@ -39,16 +41,31 @@ int main(int argc,const char *argv[]) /*{{{*/
ShowHelp();
return 0;
}
- // we really don't need anything
- DropPrivileges();
- FILE* input = fdopen(STDIN_FILENO, "r");
- FILE* output = fopen("/tmp/dump.edsp", "w");
- char buffer[400];
- while (fgets(buffer, sizeof(buffer), input) != NULL)
- fputs(buffer, output);
- fclose(output);
- fclose(input);
+ // we really don't need anything
+ DropPrivileges();
+ char const * const filename = getenv("APT_EDSP_DUMP_FILENAME");
+ if (filename == NULL || strlen(filename) == 0)
+ {
+ EDSP::WriteError("ERR_NO_FILENAME", "You have to set the environment variable APT_EDSP_DUMP_FILENAME\n"
+ "to a valid filename to store the dump of EDSP solver input in.\n"
+ "For example with: export APT_EDSP_DUMP_FILENAME=/tmp/dump.edsp", stdout);
+ return 0;
+ }
+
+ unlink(filename);
+ FileFd input, output;
+ if (input.OpenDescriptor(STDIN_FILENO, FileFd::ReadOnly) == false ||
+ output.Open(filename, FileFd::WriteOnly | FileFd::Create | FileFd::Exclusive, 0600) == false ||
+ CopyFile(input, output) == false || input.Close() == false || output.Close() == false)
+ {
+ std::ostringstream out;
+ out << "Writing EDSP solver input to file '" << filename << "' failed!\n";
+ _error->DumpErrors(out);
+ EDSP::WriteError("ERR_WRITE_ERROR", out.str(), stdout);
+ return 0;
+ }
EDSP::WriteError("ERR_JUST_DUMPING", "I am too dumb, i can just dump!\nPlease use one of my friends instead!", stdout);
+ return 0;
}
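Review bot: The result of `DropPrivileges();` is discarded, so if dropping fails, the following `unlink(filename)` and the file creation run with whatever privileges the solver was started with, on a path taken from the environment. Assuming it returns a bool like the other apt-pkg helpers used here, guard it with `if (DropPrivileges() == false)`, report through `EDSP::WriteError`, and return before touching the filesystem. Ignoring the result of `unlink(filename)` looks tolerable, because the `FileFd::Exclusive` create should fail if the path still exists, but a short comment would help, e.g. `// best effort: the Exclusive create below fails if the old dump could not be removed`. The start of main() lies outside this hunk.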