libalpm: only chown downloaded files when running as root
Some libaplm utilities sync databases as a non-root user for use in actvities other than system updates. The ability to download as a non-root user was broken as part of the download sandboxing. Applying a minimial fix by preventing the chown of the downloaded file if the user is non-root. A larger change increasing the robustness and error checking of this path is warranted in the future. Signed-off-by: Allan McRae <allan@archlinux.org>
This commit is contained in:
parent
6ba5c20e76
commit
7bc5d55b56
@ -76,13 +76,16 @@ static mode_t _getumask(void)
|
||||
static int finalize_download_file(const char *filename)
|
||||
{
|
||||
struct stat st;
|
||||
uid_t myuid = getuid();
|
||||
ASSERT(filename != NULL, return -1);
|
||||
ASSERT(stat(filename, &st) == 0, return -1);
|
||||
if(st.st_size == 0) {
|
||||
unlink(filename);
|
||||
return 1;
|
||||
}
|
||||
ASSERT(chown(filename, 0, 0) != -1, return -1);
|
||||
if(myuid == 0) {
|
||||
ASSERT(chown(filename, 0, 0) != -1, return -1);
|
||||
}
|
||||
ASSERT(chmod(filename, ~(_getumask()) & 0666) != -1, return -1);
|
||||
return 0;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user