From 2428b8cbc8f90415532a7777f70bbefeb3c1b8cc Mon Sep 17 00:00:00 2001 From: Zac Medico Date: Fri, 9 Jul 2010 20:55:02 -0700 Subject: Bug #327507 - Drop privileges when retrieving server timestamp file and FEATURES=usersync is enabled. This means that the uid of the temporary timestamp file needs to be temporarily adjusted. --- pym/_emerge/actions.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'pym/_emerge') diff --git a/pym/_emerge/actions.py b/pym/_emerge/actions.py index a4b9f76ba..2e4994a22 100644 --- a/pym/_emerge/actions.py +++ b/pym/_emerge/actions.py @@ -1802,6 +1802,7 @@ def action_sync(settings, trees, mtimedb, myopts, myaction): os.makedirs(myportdir,0o755) st = os.stat(myportdir) + usersync_uid = None spawn_kwargs = {} spawn_kwargs["env"] = settings.environ() if 'usersync' in settings.features and \ @@ -1815,6 +1816,7 @@ def action_sync(settings, trees, mtimedb, myopts, myaction): else: # Drop privileges when syncing, in order to match # existing uid/gid settings. + usersync_uid = st.st_uid spawn_kwargs["uid"] = st.st_uid spawn_kwargs["gid"] = st.st_gid spawn_kwargs["groups"] = [st.st_gid] @@ -2064,6 +2066,9 @@ def action_sync(settings, trees, mtimedb, myopts, myaction): from tempfile import mkstemp fd, tmpservertimestampfile = mkstemp() os.close(fd) + if usersync_uid is not None: + portage.util.apply_permissions(tmpservertimestampfile, + uid=usersync_uid) mycommand = rsynccommand[:] mycommand.append(dosyncuri.rstrip("/") + \ "/metadata/timestamp.chk") @@ -2081,8 +2086,11 @@ def action_sync(settings, trees, mtimedb, myopts, myaction): signal.alarm(rsync_initial_timeout) try: mypids.extend(portage.process.spawn( - mycommand, env=settings.environ(), returnpid=True)) + mycommand, returnpid=True, **spawn_kwargs)) exitcode = os.waitpid(mypids[0], 0)[1] + if usersync_uid is not None: + portage.util.apply_permissions(tmpservertimestampfile, + uid=os.getuid()) content = portage.grabfile(tmpservertimestampfile) finally: if rsync_initial_timeout: -- cgit v1.2.3-1-g7c22