diff options
author | Zac Medico <zmedico@gentoo.org> | 2010-07-09 20:55:02 -0700 |
---|---|---|
committer | Zac Medico <zmedico@gentoo.org> | 2010-07-09 20:55:02 -0700 |
commit | 2428b8cbc8f90415532a7777f70bbefeb3c1b8cc (patch) | |
tree | 12d7f2d07fef5292593ee33e5fecff2f61d8526b | |
parent | 960efaf44e550808815ed4c8f1513df9d5b9eb71 (diff) | |
download | portage-2428b8cbc8f90415532a7777f70bbefeb3c1b8cc.tar.gz portage-2428b8cbc8f90415532a7777f70bbefeb3c1b8cc.tar.bz2 portage-2428b8cbc8f90415532a7777f70bbefeb3c1b8cc.zip |
Bug #327507 - Drop privileges when retrieving server timestamp file and
FEATURES=usersync is enabled. This means that the uid of the temporary
timestamp file needs to be temporarily adjusted.
-rw-r--r-- | pym/_emerge/actions.py | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/pym/_emerge/actions.py b/pym/_emerge/actions.py index a4b9f76ba..2e4994a22 100644 --- a/pym/_emerge/actions.py +++ b/pym/_emerge/actions.py @@ -1802,6 +1802,7 @@ def action_sync(settings, trees, mtimedb, myopts, myaction): os.makedirs(myportdir,0o755) st = os.stat(myportdir) + usersync_uid = None spawn_kwargs = {} spawn_kwargs["env"] = settings.environ() if 'usersync' in settings.features and \ @@ -1815,6 +1816,7 @@ def action_sync(settings, trees, mtimedb, myopts, myaction): else: # Drop privileges when syncing, in order to match # existing uid/gid settings. + usersync_uid = st.st_uid spawn_kwargs["uid"] = st.st_uid spawn_kwargs["gid"] = st.st_gid spawn_kwargs["groups"] = [st.st_gid] @@ -2064,6 +2066,9 @@ def action_sync(settings, trees, mtimedb, myopts, myaction): from tempfile import mkstemp fd, tmpservertimestampfile = mkstemp() os.close(fd) + if usersync_uid is not None: + portage.util.apply_permissions(tmpservertimestampfile, + uid=usersync_uid) mycommand = rsynccommand[:] mycommand.append(dosyncuri.rstrip("/") + \ "/metadata/timestamp.chk") @@ -2081,8 +2086,11 @@ def action_sync(settings, trees, mtimedb, myopts, myaction): signal.alarm(rsync_initial_timeout) try: mypids.extend(portage.process.spawn( - mycommand, env=settings.environ(), returnpid=True)) + mycommand, returnpid=True, **spawn_kwargs)) exitcode = os.waitpid(mypids[0], 0)[1] + if usersync_uid is not None: + portage.util.apply_permissions(tmpservertimestampfile, + uid=os.getuid()) content = portage.grabfile(tmpservertimestampfile) finally: if rsync_initial_timeout: |