From f8c0d00fa23a094173dbe17ef4644f860f871f20 Mon Sep 17 00:00:00 2001 From: Martin Whitaker Date: Fri, 21 Jun 2019 21:47:37 +0100 Subject: Ensure urpmi config and cache files are world-readable (mga#24636) This is needed to allow mgaapplet and urpm* commands run as a normal user to work when run from a gdm-x-session, which sets the umask to 027. See also mga#9386 and mga#22262. We should perhaps take notice of the msec security level. --- NEWS | 2 ++ urpm/media.pm | 16 ++++++++++++---- urpm/util.pm | 15 ++++++++++++++- 3 files changed, 28 insertions(+), 5 deletions(-) diff --git a/NEWS b/NEWS index a2285266..9eec4115 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,5 @@ +- ensure urpmi config and cache files are world-readable (mga#24636) + Version 8.116 - 27 May 2019 - don't enable 32-bit media by default on 64-bit systems (mga#24376) diff --git a/urpm/media.pm b/urpm/media.pm index cadfc173..52575ff0 100644 --- a/urpm/media.pm +++ b/urpm/media.pm @@ -551,12 +551,14 @@ sub write_urpmi_cfg { }; remove_passwords_and_write_private_netrc($urpm, $config); - # urpmi.cfg must be world-readable, else mgaapplet won't be able to read it - # as it is executed from the user session. We enforce umask here in the case - # where the msec security level is set to 'secure' (which means umask 077). - umask 0022; + #- urpmi.cfg must be world-readable, else mgaapplet and urpm* commands run as + #- a normal user won't be able to read it. We enforce umask here in the case + #- where the msec security level is set to 'secure' (which means umask 077) + #- or where we are run from a gdm-x-session (mga#24636) + my $old_umask = umask 0022; urpm::cfg::dump_config($urpm->{config}, $config) or $urpm->{fatal}(6, N("unable to write config file [%s]", $urpm->{config})); + umask $old_umask; $urpm->{log}(N("wrote config file [%s]", $urpm->{config})); @@ -972,12 +974,18 @@ sub add_medium { $medium->{$_} = $options{$_} if exists $options{$_}; } + #- The medium files must be world-readable, else mgaapplet and urpm* commands run + #- as a normal user won't be able to read them. We enforce umask here in the case + #- where the msec security level is set to 'secure' (which means umask 077) or + #- where we are run from a gdm-x-session (mga#24636) + my $old_umask = umask 0022; #- those files must not be there (cf mdvbz#36267) _clean_statedir_medium_files($urpm, $medium); if (!($options{virtual} && _local_file($medium)) && !$urpm->{urpmi_root}) { # with --urpmi-root, we do not use statedir_media_info_file to allow compatibility with older urpmi mkdir statedir_media_info_dir($urpm, $medium), 0755; } + umask $old_umask; if ($options{virtual}) { $medium->{virtual} = 1; diff --git a/urpm/util.pm b/urpm/util.pm index 4dbad1cc..563d3118 100644 --- a/urpm/util.pm +++ b/urpm/util.pm @@ -187,7 +187,20 @@ sub uniq_(&@) { sub output_safe { my ($file, $content, $o_backup_ext) = @_; - + + #- The file must be world-readable, else mgaapplet and urpm* commands run as + #- a normal user won't be able to read it. We enforce umask here in the case + #- where the msec security level is set to 'secure' (which means umask 077) + #- or where we are run from a gdm-x-session (mga#24636) + my $old_umask = umask 0022; + my $retval = output_safe_($file, $content, $o_backup_ext); + umask $old_umask; + $retval; +} + +sub output_safe_ { + my ($file, $content, $o_backup_ext) = @_; + open(my $f, '>', "$file.new") or return; print $f $content or return; close $f or return; -- cgit v1.2.1