diff options
Diffstat (limited to 'sys-apps/man-db/files/man-db-2.8.0-refactor_drop_privs.patch')
-rw-r--r-- | sys-apps/man-db/files/man-db-2.8.0-refactor_drop_privs.patch | 120 |
1 files changed, 0 insertions, 120 deletions
diff --git a/sys-apps/man-db/files/man-db-2.8.0-refactor_drop_privs.patch b/sys-apps/man-db/files/man-db-2.8.0-refactor_drop_privs.patch deleted file mode 100644 index 87db57afb9eb..000000000000 --- a/sys-apps/man-db/files/man-db-2.8.0-refactor_drop_privs.patch +++ /dev/null @@ -1,120 +0,0 @@ -From 24624eaf853158856b8fd0a6f78c873475a16686 Mon Sep 17 00:00:00 2001 -From: Colin Watson <cjwatson@debian.org> -Date: Wed, 7 Feb 2018 12:23:15 +0000 -Subject: Refactor do_system_drop_privs - -Now that we have pipecmd_pre_exec, this can be simplified quite a bit. - -* lib/security.c (drop_privs): New function. -(do_system_drop_privs_child, do_system_drop_privs): Remove. -* lib/security.h (drop_privs): Add prototype. -(do_system_drop_privs): Remove prototype. -* src/man.c (make_browser): Add drop_privs pre-exec hook to browser -command. -(format_display): Call browser using pipeline_run rather than -do_system_drop_privs, since it now has a pre-exec hook to drop -privileges. ---- - lib/security.c | 37 +++---------------------------------- - lib/security.h | 2 +- - src/man.c | 7 +++++-- - 3 files changed, 9 insertions(+), 37 deletions(-) - -diff --git a/lib/security.c b/lib/security.c -index 6e84de8..c9b365d 100644 ---- a/lib/security.c -+++ b/lib/security.c -@@ -158,42 +158,11 @@ void regain_effective_privs (void) - #endif /* MAN_OWNER */ - } - --#ifdef MAN_OWNER --void do_system_drop_privs_child (void *data) -+/* Pipeline command pre-exec hook to permanently drop privileges. */ -+void drop_privs (void *data ATTRIBUTE_UNUSED) - { -- pipeline *p = data; -- -+#ifdef MAN_OWNER - if (idpriv_drop ()) - gripe_set_euid (); -- exit (pipeline_run (p)); --} --#endif /* MAN_OWNER */ -- --/* The safest way to execute a pipeline with no effective privileges is to -- * fork, permanently drop privileges in the child, run the pipeline from the -- * child, and wait for it to die. -- * -- * It is possible to use saved IDs to avoid the fork, since effective IDs -- * are copied to saved IDs on execve; we used to do this. However, forking -- * is not expensive enough to justify the extra code. -- * -- * Note that this frees the supplied pipeline. -- */ --int do_system_drop_privs (pipeline *p) --{ --#ifdef MAN_OWNER -- pipecmd *child_cmd; -- pipeline *child; -- int status; -- -- child_cmd = pipecmd_new_function ("unprivileged child", -- do_system_drop_privs_child, NULL, p); -- child = pipeline_new_commands (child_cmd, NULL); -- status = pipeline_run (child); -- -- pipeline_free (p); -- return status; --#else /* !MAN_OWNER */ -- return pipeline_run (p); - #endif /* MAN_OWNER */ - } -diff --git a/lib/security.h b/lib/security.h -index 7545502..851127d 100644 ---- a/lib/security.h -+++ b/lib/security.h -@@ -27,7 +27,7 @@ - /* security.c */ - extern void drop_effective_privs (void); - extern void regain_effective_privs (void); --extern int do_system_drop_privs (struct pipeline *p); -+extern void drop_privs (void *data); - extern void init_security (void); - extern int running_setuid (void); - extern struct passwd *get_man_owner (void); -diff --git a/src/man.c b/src/man.c -index 959d6cc..ff7ebc7 100644 ---- a/src/man.c -+++ b/src/man.c -@@ -1481,6 +1481,7 @@ static pipeline *make_roff_command (const char *dir, const char *file, - static pipeline *make_browser (const char *pattern, const char *file) - { - pipeline *p; -+ pipecmd *cmd; - char *browser = xmalloc (1); - int found_percent_s = 0; - char *percent; -@@ -1526,7 +1527,9 @@ static pipeline *make_browser (const char *pattern, const char *file) - free (esc_file); - } - -- p = pipeline_new_command_args ("/bin/sh", "-c", browser, NULL); -+ cmd = pipecmd_new_args ("/bin/sh", "-c", browser, NULL); -+ pipecmd_pre_exec (cmd, drop_privs, NULL, NULL); -+ p = pipeline_new_commands (cmd, NULL); - pipeline_ignore_signals (p, 1); - free (browser); - -@@ -2021,7 +2024,7 @@ static void format_display (pipeline *decomp, - pipeline *browser; - debug ("Trying browser: %s\n", candidate); - browser = make_browser (candidate, htmlfile); -- disp_status = do_system_drop_privs (browser); -+ disp_status = pipeline_run (browser); - if (!disp_status) - break; - } --- -cgit v1.0-41-gc330 - |