[Yum-devel] [PATCH 2/2] Preload packages from user cachedirs
tim.lauridsen at gmail.com
tim.lauridsen at gmail.com
Mon Sep 10 16:57:48 UTC 2012
On Mon, Sep 10, 2012 at 3:51 PM, Zdeněk Pavlas <zpavlas at redhat.com> wrote:
> ---
> yum/__init__.py | 19 +++++++++++++++++++
> 1 files changed, 19 insertions(+), 0 deletions(-)
>
> diff --git a/yum/__init__.py b/yum/__init__.py
> index d53db6d..dd56399 100644
> --- a/yum/__init__.py
> +++ b/yum/__init__.py
> @@ -44,6 +44,7 @@ import logging
> import logging.config
> import operator
> import tempfile
> +import shutil
>
> import yum.i18n
> # This is required to make gaftonmode work...
> @@ -2220,6 +2221,24 @@ much more problems).
> # nothing *sigh*.
> self.history.close()
>
> + # Preload RPMs from user cache.
> + for po in pkglist:
> + if hasattr(po, 'pkgtype') and po.pkgtype == 'local':
> + continue
> + local = po.localPkg()
> + if not os.path.exists(local):
> + suffix = '/%s/packages/%s' % (po.repo.id,
> os.path.basename(po.remote_path))
> + for user in getattr(self, '_preload_from_user', ()):
> + user += suffix
> + st = misc.stat_f(user)
> + if st and st.st_size == po.size:
> + try:
> + shutil.copy2(user, local) # user-writable,
> must copy
> + if po.verifyLocalPkg():
> + break
> + except IOError: pass
> + misc.unlink_f(local)
> +
> self.plugins.run('predownload', pkglist=pkglist)
> repo_cached = False
> remote_pkgs = []
> --
> 1.7.4.4
>
> _______________________________________________
> Yum-devel mailing list
> Yum-devel at lists.baseurl.org
> http://lists.baseurl.org/mailman/listinfo/yum-devel
>
No problem with the code, but is this safe to just copy packages from a
unpriv user tmp directory from a security point of view ?
Can it be used for injection of infected packages from a unpriv user ?
Tim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.baseurl.org/pipermail/yum-devel/attachments/20120910/44057381/attachment.html>
More information about the Yum-devel
mailing list