Bug #327507 - Drop privileges when retrieving server timestamp file and
authorZac Medico <zmedico@gentoo.org>
Sat, 10 Jul 2010 03:55:02 +0000 (20:55 -0700)
committerZac Medico <zmedico@gentoo.org>
Sat, 10 Jul 2010 03:55:02 +0000 (20:55 -0700)
FEATURES=usersync is enabled. This means that the uid of the temporary
timestamp file needs to be temporarily adjusted.

pym/_emerge/actions.py

index a4b9f76bae5ea2a540402633f13f2d15c3d32e4d..2e4994a2245a085ac90a9b446c1fc978430d7968 100644 (file)
@@ -1802,6 +1802,7 @@ def action_sync(settings, trees, mtimedb, myopts, myaction):
                os.makedirs(myportdir,0o755)
                st = os.stat(myportdir)
 
+       usersync_uid = None
        spawn_kwargs = {}
        spawn_kwargs["env"] = settings.environ()
        if 'usersync' in settings.features and \
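Review bot: `usersync_uid` is introduced without a comment, although its `None` state is what the later hunks of `action_sync` test to decide whether file ownership must be adjusted. A line such as `# uid the sync children run as; None when privileges are not dropped` above the assignment would make that contract visible. The value duplicates `spawn_kwargs["uid"]` set in the next hunk, so `spawn_kwargs.get("uid")` at the use sites would avoid keeping the two in step. `action_sync` starts and ends outside this hunk.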
@@ -1815,6 +1816,7 @@ def action_sync(settings, trees, mtimedb, myopts, myaction):
                else:
                        # Drop privileges when syncing, in order to match
                        # existing uid/gid settings.
+                       usersync_uid = st.st_uid
                        spawn_kwargs["uid"]    = st.st_uid
                        spawn_kwargs["gid"]    = st.st_gid
                        spawn_kwargs["groups"] = [st.st_gid]
@@ -2064,6 +2066,9 @@ def action_sync(settings, trees, mtimedb, myopts, myaction):
                                from tempfile import mkstemp
                                fd, tmpservertimestampfile = mkstemp()
                                os.close(fd)
+                               if usersync_uid is not None:
+                                       portage.util.apply_permissions(tmpservertimestampfile,
+                                               uid=usersync_uid)
                                mycommand = rsynccommand[:]
                                mycommand.append(dosyncuri.rstrip("/") + \
                                        "/metadata/timestamp.chk")
@@ -2081,8 +2086,11 @@ def action_sync(settings, trees, mtimedb, myopts, myaction):
                                                signal.alarm(rsync_initial_timeout)
                                        try:
                                                mypids.extend(portage.process.spawn(
-                                                       mycommand, env=settings.environ(), returnpid=True))
+                                                       mycommand, returnpid=True, **spawn_kwargs))
                                                exitcode = os.waitpid(mypids[0], 0)[1]
+                                               if usersync_uid is not None:
+                                                       portage.util.apply_permissions(tmpservertimestampfile,
+                                                               uid=os.getuid())
                                                content = portage.grabfile(tmpservertimestampfile)
                                        finally:
                                                if rsync_initial_timeout:
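Review bot: After the spawn, root changes ownership of `tmpservertimestampfile` and reads it by path, although between the two `apply_permissions` calls that path belonged to the usersync uid and sat in the default `mkstemp()` directory, so root acts on whatever the path names by then. Root can read the file without owning it, so the restore looks unnecessary as far as this hunk shows; dropping it would remove one privileged path-based operation. For the read, opening with `os.open(tmpservertimestampfile, os.O_RDONLY | os.O_NOFOLLOW)` and checking `stat.S_ISREG(os.fstat(fd).st_mode)` before parsing would pin root to a regular file. The restore also sits inside the `try` after `os.waitpid`, so it is skipped if that call raises; the `finally` body continues outside the hunk.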