diff options
author | Martin Whitaker <mageia@martin-whitaker.me.uk> | 2019-06-21 21:47:37 +0100 |
---|---|---|
committer | Martin Whitaker <mageia@martin-whitaker.me.uk> | 2019-06-21 22:02:44 +0100 |
commit | f8c0d00fa23a094173dbe17ef4644f860f871f20 (patch) | |
tree | 6775d8a64fdb02c0504982a7b0817cdf4725ada1 /urpm/util.pm | |
parent | 3d029f70096cefbba5836b49d5fde9bb613999cf (diff) | |
download | urpmi-f8c0d00fa23a094173dbe17ef4644f860f871f20.tar urpmi-f8c0d00fa23a094173dbe17ef4644f860f871f20.tar.gz urpmi-f8c0d00fa23a094173dbe17ef4644f860f871f20.tar.bz2 urpmi-f8c0d00fa23a094173dbe17ef4644f860f871f20.tar.xz urpmi-f8c0d00fa23a094173dbe17ef4644f860f871f20.zip |
Ensure urpmi config and cache files are world-readable (mga#24636)
This is needed to allow mgaapplet and urpm* commands run as a
normal user to work when run from a gdm-x-session, which sets
the umask to 027.
See also mga#9386 and mga#22262. We should perhaps take notice
of the msec security level.
Diffstat (limited to 'urpm/util.pm')
-rw-r--r-- | urpm/util.pm | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/urpm/util.pm b/urpm/util.pm index 4dbad1cc..563d3118 100644 --- a/urpm/util.pm +++ b/urpm/util.pm @@ -187,7 +187,20 @@ sub uniq_(&@) { sub output_safe { my ($file, $content, $o_backup_ext) = @_; - + + #- The file must be world-readable, else mgaapplet and urpm* commands run as + #- a normal user won't be able to read it. We enforce umask here in the case + #- where the msec security level is set to 'secure' (which means umask 077) + #- or where we are run from a gdm-x-session (mga#24636) + my $old_umask = umask 0022; + my $retval = output_safe_($file, $content, $o_backup_ext); + umask $old_umask; + $retval; +} + +sub output_safe_ { + my ($file, $content, $o_backup_ext) = @_; + open(my $f, '>', "$file.new") or return; print $f $content or return; close $f or return; |