apt: prevent usage of certain commands as root

Usage of package manager as root has certain bad effects in Termux such as messed up SELinux contexts and ownership. Root checks done in 'pkg' wrapper are not reliable because one can execute 'apt' directly or with third-party script downloaded from the Internet. This commit adds user id check and if it found that uid is 0, apt will refuse to do any work in root session. These checks done in such way so they cannot be bypassed in any way unless command is executed as non-root user. Those who use Termux via ADB root shell should be able to switch to Termux user id with command 'su' in order to have package manager working. --- This change also affects the 'termux-info' utility: * It will no longer use 'apt policy' to detect subscribed repositories. Each source will be checked by script manually. * Information will be copied to clipboard only if 'termux-api' is installed. * Syntax error in timeout command is fixed: 'timeout' doesn't understand the argument '-t'. * Minor information entries reordering.
2019-11-13 16:38:40 +02:00 · 2019-11-13 16:38:40 +02:00 · dc14c12940
parent 7e6a37fe9a
commit dc14c12940
5 changed files with 167 additions and 33 deletions
--- a/packages/apt/0010-prevent-usage-as-root.patch
+++ b/packages/apt/0010-prevent-usage-as-root.patch
@ -0,0 +1,105 @@
+diff -uNr apt-1.4.9/cmdline/apt.cc apt-1.4.9.mod/cmdline/apt.cc
+--- apt-1.4.9/cmdline/apt.cc	2019-01-18 12:42:07.000000000 +0200
+++ apt-1.4.9.mod/cmdline/apt.cc	2019-11-13 14:55:50.954692940 +0200
+@@ -97,6 +97,12 @@
+ 									/*}}}*/
+ int main(int argc, const char *argv[])					/*{{{*/
+ {
+   if (getuid() == 0) {
+      std::cout << "You should not use command 'apt' as root." << std::endl;
+      std::cout << "This is dangerous as may damage your Termux installation and data." << std::endl;
+      return 1;
+   }
+
+    CommandLine CmdL;
+    auto const Cmds = ParseCommandLine(CmdL, APT_CMD::APT, &_config, &_system, argc, argv, &ShowHelp, &GetCommands);
+ 
+diff -uNr apt-1.4.9/cmdline/apt-get.cc apt-1.4.9.mod/cmdline/apt-get.cc
+--- apt-1.4.9/cmdline/apt-get.cc	2019-01-18 12:42:07.000000000 +0200
+++ apt-1.4.9.mod/cmdline/apt-get.cc	2019-11-13 14:55:50.954692940 +0200
+@@ -432,6 +432,12 @@
+ 									/*}}}*/
+ int main(int argc,const char *argv[])					/*{{{*/
+ {
+   if (getuid() == 0) {
+      std::cout << "You should not use command 'apt-get' as root." << std::endl;
+      std::cout << "This is dangerous as may damage your Termux installation and data." << std::endl;
+      return 1;
+   }
+
+    // Parse the command line and initialize the package library
+    CommandLine CmdL;
+    auto const Cmds = ParseCommandLine(CmdL, APT_CMD::APT_GET, &_config, &_system, argc, argv, &ShowHelp, &GetCommands);
+diff -uNr apt-1.4.9/cmdline/apt-key.in apt-1.4.9.mod/cmdline/apt-key.in
+--- apt-1.4.9/cmdline/apt-key.in	2019-11-13 14:55:25.431240010 +0200
+++ apt-1.4.9.mod/cmdline/apt-key.in	2019-11-13 15:04:25.853655116 +0200
+@@ -15,8 +15,11 @@
+ 
+ aptkey_echo() { echo "$@"; }
+ 
+-requires_root() {
+-	:
+assert_no_root() {
+	if [ "$(id -u)" = "0" ]; then
+		apt_error "Refusing to run 'apt-key' as root to prevent damage to your Termux installation."
+		exit 1
+	fi
+ }
+ 
+ command_available() {
+@@ -510,7 +513,6 @@
+ 	 create_new_keyring() { if [ ! -r "$FORCED_KEYRING" ]; then TRUSTEDFILE='/dev/null'; FORCED_KEYRING="$TRUSTEDFILE"; fi; }
+ 	 ;;
+       --fakeroot)
+-	 requires_root() { true; }
+ 	 ;;
+       --quiet)
+ 	 aptkey_echo() { true; }
+@@ -706,7 +708,7 @@
+ case "$command" in
+     add)
+ 	warn_on_script_usage
+-	requires_root
+	assert_no_root
+ 	setup_merged_keyring
+ 	aptkey_execute "$GPG" --quiet --batch --import "$@"
+ 	merge_back_changes
+@@ -714,19 +716,19 @@
+         ;;
+     del|rm|remove)
+ 	# no script warning here as removing 'add' usage needs 'del' for cleanup
+-	requires_root
+	assert_no_root
+ 	foreach_keyring_do 'remove_key_from_keyring' "$@"
+ 	aptkey_echo "OK"
+         ;;
+     update)
+ 	warn_on_script_usage
+-	requires_root
+	assert_no_root
+ 	setup_merged_keyring
+ 	update
+ 	merge_back_changes
+ 	;;
+     net-update)
+-	requires_root
+	assert_no_root
+ 	setup_merged_keyring
+ 	net_update
+ 	merge_back_changes
+diff -uNr apt-1.4.9/cmdline/apt-mark.cc apt-1.4.9.mod/cmdline/apt-mark.cc
+--- apt-1.4.9/cmdline/apt-mark.cc	2019-01-18 12:42:07.000000000 +0200
+++ apt-1.4.9.mod/cmdline/apt-mark.cc	2019-11-13 14:55:50.958026289 +0200
+@@ -316,6 +316,12 @@
+ 									/*}}}*/
+ int main(int argc,const char *argv[])					/*{{{*/
+ {
+   if (getuid() == 0) {
+      std::cout << "You should not use command 'apt-mark' as root." << std::endl;
+      std::cout << "This is dangerous as may damage your Termux installation and data." << std::endl;
+      return 1;
+   }
+
+    CommandLine CmdL;
+    auto const Cmds = ParseCommandLine(CmdL, APT_CMD::APT_MARK, &_config, &_system, argc, argv, &ShowHelp, &GetCommands);
+ 
--- a/packages/apt/build.sh
+++ b/packages/apt/build.sh
@ -2,7 +2,7 @@ TERMUX_PKG_HOMEPAGE=https://packages.debian.org/apt
 TERMUX_PKG_DESCRIPTION="Front-end for the dpkg package manager"
 TERMUX_PKG_LICENSE="GPL-2.0"
 TERMUX_PKG_VERSION=1.4.9
-TERMUX_PKG_REVISION=20
+TERMUX_PKG_REVISION=21
 TERMUX_PKG_SRCURL=http://ftp.debian.org/debian/pool/main/a/apt/apt_${TERMUX_PKG_VERSION}.tar.xz
 TERMUX_PKG_SHA256=d4d65e7c84da86f3e6dcc933bba46a08db429c9d933b667c864f5c0e880bac0d
 # apt-key requires utilities from coreutils, findutils, gpgv, grep, sed.
--- a/packages/termux-tools/build.sh
+++ b/packages/termux-tools/build.sh
@ -1,12 +1,13 @@
 TERMUX_PKG_HOMEPAGE=https://termux.com/
 TERMUX_PKG_DESCRIPTION="Basic system tools for Termux"
 TERMUX_PKG_LICENSE="GPL-3.0"
-TERMUX_PKG_VERSION=0.73
+TERMUX_PKG_VERSION=0.74
 TERMUX_PKG_SKIP_SRC_EXTRACT=true
 TERMUX_PKG_PLATFORM_INDEPENDENT=true
 TERMUX_PKG_ESSENTIAL=true
-TERMUX_PKG_CONFFILES="etc/motd"
 TERMUX_PKG_CONFLICTS="procps (<< 3.3.15-2)"
+TERMUX_PKG_SUGGESTS="termux-api"
+TERMUX_PKG_CONFFILES="etc/motd"

 # Some of these packages are not dependencies and used only to ensure
 # that core packages are installed after upgrading (we removed busybox
--- a/packages/termux-tools/pkg
+++ b/packages/termux-tools/pkg
@ -18,13 +18,6 @@ show_help() {
 	exit 1
 }

-assert_not_root() {
-	if [ $(id -u) -eq 0 ]; then
-		echo "This must NOT be run as root as it will break your environment (root will be required for nearly everything due to changed file permissions)"
-		exit 1
-	fi
-}
-
 check_pkgcache() {
 	if [ -z "$(find @TERMUX_PREFIX@/var/cache/apt/pkgcache.bin -mmin -5)" ]; then
 		apt update
@ -41,13 +34,13 @@ shift 1
 case "$CMD" in
 	f*) dpkg -L "$@";;
 	h*) show_help;;
-	add|i*) assert_not_root; check_pkgcache; apt install "$@";;
+	add|i*) check_pkgcache; apt install "$@";;
 	list-a*) apt list "$@";;
 	list-i*) apt list --installed "$@";;
-	rei*) assert_not_root; apt install --reinstall "$@";;
-	se*) assert_not_root; check_pkgcache; apt search "$@";;
+	rei*) apt install --reinstall "$@";;
+	se*) check_pkgcache; apt search "$@";;
 	sh*) apt show "$@";;
-	un*|rem*|rm|del*) assert_not_root; apt remove "$@";;
-	up*) assert_not_root; apt update; apt full-upgrade "$@";;
+	un*|rem*|rm|del*) apt remove "$@";;
+	up*) apt update; apt full-upgrade "$@";;
 	*) echo "Unknown command: '$CMD' (run 'pkg help' for usage information)"; exit 1;;
 esac
--- a/packages/termux-tools/termux-info
+++ b/packages/termux-tools/termux-info
@ -1,5 +1,4 @@
-#!/bin/sh
-
+#!/bin/bash

 if [ "$#" != "0" ]; then
 	echo 'usage: termux-info'
@ -8,32 +7,68 @@ if [ "$#" != "0" ]; then
 fi

 updates() {
-	apt update >/dev/null 2>&1
-	updatable=$(apt list --upgradable 2>/dev/null | tail -n +2)
-	if [ -z "$updatable" ];then
-		echo "All packages up to date"
+	local updatable
+
+	if [ "$(id -u)" = "0" ]; then
+		echo "Running as root. Cannot check package updates."
 	else
-		echo "$updatable"
+		apt update >/dev/null 2>&1
+		updatable=$(apt list --upgradable 2>/dev/null | tail -n +2)
+
+		if [ -z "$updatable" ];then
+			echo "All packages up to date"
+		else
+			echo "$updatable"
+		fi
 	fi
 }

-output="Updatable packages:
-$(updates)
-Subscribed repositories:
-$(apt-cache policy | grep http | awk '{print $2 " " $3}')
-System information:
-$(uname -a)
-Termux-packages arch:
+repo_subscriptions() {
+	local main_sources
+	main_sources=$(grep -P '^\s*deb\s' "@TERMUX_PREFIX@/etc/apt/sources.list")
+
+	if [ -n "$main_sources" ]; then
+		echo "# sources.list"
+		echo "$main_sources"
+	fi
+
+	local filename repo_package supl_sources
+	while read -r filename; do
+		repo_package=$(dpkg -S "$filename" 2>/dev/null | cut -d : -f 1)
+		supl_sources=$(grep -P '^\s*deb\s' "$filename")
+
+		if [ -n "$supl_sources" ]; then
+			if [ -n "$repo_package" ]; then
+				echo "# $repo_package (sources.list.d/$(basename "$filename"))"
+			else
+				echo "# sources.list.d/$(basename "$filename")"
+			fi
+			echo "$supl_sources"
+		fi
+	done < <(find "@TERMUX_PREFIX@/etc/apt/sources.list.d" -maxdepth 1 ! -type d)
+}
+
+output="Packages CPU architecture:
 $(dpkg --print-architecture)
+Subscribed repositories:
+$(repo_subscriptions)
+Updatable packages:
+$(updates)
 Android version:
 $(getprop ro.build.version.release)
+Kernel build information:
+$(uname -a)
 Device manufacturer:
 $(getprop ro.product.manufacturer)
 Device model:
 $(getprop ro.product.model)"
 echo "$output"
-# Copy to clipboard (requires termux-api)
-# use timeout in case termux-api is installed but the termux:api app is missing
-echo "$output" | busybox timeout -t 3 termux-clipboard-set 2>/dev/null
-busybox timeout -t 3 termux-toast "Information has been copied to the clipboard" 2>/dev/null
+
+if [ -n "$(command -v termux-clipboard-set)" ]; then
+	# Copy to clipboard (requires termux-api)
+	# use timeout in case termux-api is installed but the termux:api app is missing
+	echo "$output" | timeout 3 termux-clipboard-set 2>/dev/null
+	timeout 3 termux-toast "Information has been copied to the clipboard" 2>/dev/null
+fi
+
 exit 0