author | Julian Andres Klode <julian.klode@canonical.com> | 2020-09-22 13:50:32 +0200 |
---|---|---|
committer | Richard Hughes <richard@hughsie.com> | 2020-09-25 09:53:11 +0100 |
commit | eb81e2f505684ffa0fcd0a461027af2d3b471a90 (patch) | |
tree | cd06a027d5c4e1a2e79fd4605ae151dcd83518be | |
parent | 93cb67109c0ad047228fd4023f368b5c96fc4a0b (diff) |
aptcc: Do not trust local debs (CVE-2020-16122)
Debs do not have signatures on their own, so they are always
untrusted.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1882098
-rw-r--r-- | backends/aptcc/apt-intf.cpp | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/backends/aptcc/apt-intf.cpp b/backends/aptcc/apt-intf.cpp
index fb594b628..2a49928d4 100644
--- a/backends/aptcc/apt-intf.cpp
+++ b/backends/aptcc/apt-intf.cpp
@@ -124,6 +124,16 @@ bool AptIntf::init(gchar **localDebs)
 // Create the AptCacheFile class to search for packages
 m_cache = new AptCacheFile(m_job);
 if (localDebs) {
+ PkBitfield flags = pk_backend_job_get_transaction_flags(m_job);
+ if (pk_bitfield_contain(flags, PK_TRANSACTION_FLAG_ENUM_ONLY_TRUSTED)) {
+ // We are NOT simulating and have untrusted packages
+ // fail the transaction.
+ pk_backend_job_error_code(m_job,
+ PK_ERROR_ENUM_CANNOT_INSTALL_REPO_UNSIGNED,
+ "Local packages cannot be authenticated");
+ return false;
+ }
+
 for (int i = 0; i < g_strv_length(localDebs); ++i) {
 markFileForInstall(localDebs[i]);
 } |
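Review bot: The added comment says "We are NOT simulating", but the condition directly above it tests only `PK_TRANSACTION_FLAG_ENUM_ONLY_TRUSTED`, so a simulated transaction carrying that flag is rejected too. Failing closed is the safer behaviour for local .deb files that cannot be authenticated; if that is the intent, the comment should say so, e.g. `// Local debs carry no signature: refuse them whenever ONLY_TRUSTED is set, simulation included.` If simulation was meant to pass, that would need an explicit test of the simulate flag, which this hunk does not contain. AptIntf::init starts and ends outside the hunk, so how the caller reacts to the `return false` is not visible here.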