libalpm: only chown downloaded files when running as root

Some libaplm utilities sync databases as a non-root user for use in actvities other than system updates. The ability to download as a non-root user was broken as part of the download sandboxing. Applying a minimial fix by preventing the chown of the downloaded file if the user is non-root. A larger change increasing the robustness and error checking of this path is warranted in the future. Signed-off-by: Allan McRae <allan@archlinux.org>
author: Allan McRae <allan@archlinux.org> 2024-09-05 17:29:40 +1000
committer: Allan McRae <allan@archlinux.org> 2024-09-08 11:49:21 +1000
commit: 7bc5d55b56f41518e0a53eed13d4c523aea848e5 (patch)
tree: fe90643b213251d413c90555384053f74225febc
parent: 6ba5c20e7629ae9bdd7ceaf5a45484c434363ec5 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c
index e6796711..2a169490 100644
--- a/lib/libalpm/dload.c
+++ b/lib/libalpm/dload.c
@@ -76,13 +76,16 @@ static mode_t _getumask(void)
 static int finalize_download_file(const char *filename)
 {
 	struct stat st;
+	uid_t myuid = getuid();
 	ASSERT(filename != NULL, return -1);
 	ASSERT(stat(filename, &st) == 0, return -1);
 	if(st.st_size == 0) {
 		unlink(filename);
                 return 1;
 	}
-	ASSERT(chown(filename, 0, 0) != -1, return -1);
+	if(myuid == 0) {
+		ASSERT(chown(filename, 0, 0) != -1, return -1);
+	}
 	ASSERT(chmod(filename, ~(_getumask()) & 0666) != -1, return -1);
 	return 0;
 }
author	Allan McRae <allan@archlinux.org>	2024-09-05 17:29:40 +1000
committer	Allan McRae <allan@archlinux.org>	2024-09-08 11:49:21 +1000
commit	7bc5d55b56f41518e0a53eed13d4c523aea848e5 (patch)
tree	fe90643b213251d413c90555384053f74225febc
parent	6ba5c20e7629ae9bdd7ceaf5a45484c434363ec5 (diff)