=== modified file 'aptdaemon/worker/aptworker.py'
--- aptdaemon/worker/aptworker.py 2015-05-27 19:32:59 +0000
+++ aptdaemon/worker/aptworker.py 2015-05-27 21:03:50 +0000
@@ -90,6 +90,21 @@
 USE_HTTP="yes"
 """
+@contextlib.contextmanager
+def drop_privs(uid):
+ # XXX: get the calling users gid here
+ gid=uid
+ os.setegid(gid)
+ old_groups = os.getgroups()
+ os.setgroups([gid])
+ os.seteuid(uid)
+ try:
+ yield
+ finally:
+ os.seteuid(os.getuid())
+ os.setegid(os.getgid())
+ os.setgroups(old_groups)
+
 def trans_only_installs_pkgs_from_high_trust_repos(trans, whitelist=set()):
@@ -1197,8 +1212,13 @@
 :returns: An apt.debfile.Debfile instance.
 """
- if not os.path.isfile(path):
- raise TransactionFailed(ERROR_UNREADABLE_PACKAGE_FILE, path)
+ # this code runs as root for simulate and simulate requires no
+ # authentication - so we need to ensure we do not leak information
+ # about files here (LP: #1449587, CVE-2015-1323)
+ with drop_privs(trans.uid):
+ if not os.path.isfile(path):
+ raise TransactionFailed(ERROR_UNREADABLE_PACKAGE_FILE, path)
+
 if not force and os.path.isfile("/usr/bin/lintian"):
 with DaemonLintianProgress(trans) as progress:
 progress.run(path)
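Review bot: `gid=uid` in `drop_privs` assumes the caller's primary group id equals their uid, so the check may run with a group the caller does not belong to. The XXX comment already flags this; looking the group up with `pwd.getpwuid(uid).pw_gid` would close it, though `pwd` would need importing, which this diff does not show. Separately, `os.setegid`, `os.setgroups` and `os.seteuid` all run before the `try:`, so if one of them raises part-way the daemon keeps a half-changed egid and group list with nothing to restore them. Moving the credential changes inside the `try` lets the existing `finally` cover that path.

```python
@contextlib.contextmanager
def drop_privs(uid):
    # Resolve the caller's real primary group instead of assuming gid == uid;
    # an unknown uid raises KeyError before any credential is touched.
    gid = pwd.getpwuid(uid).pw_gid
    old_groups = os.getgroups()
    try:
        # Credential changes sit inside the try so a failure part-way
        # through still reaches the restore code below.
        os.setegid(gid)
        os.setgroups([gid])
        os.seteuid(uid)
        yield
    finally:
        # … unchanged: restore euid, egid and supplementary groups …
```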
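Review bot: Only the `os.path.isfile(path)` test runs inside `with drop_privs(trans.uid):`, and that test is a stat() call, so it passes for a file the caller can see but has no permission to read. Whatever consumes `path` afterwards (`progress.run(path)` below, and presumably the Debfile construction outside the hunk) runs with the daemon's own privileges again unless those helpers drop them themselves. The path can also be swapped between this check and that later use. Consider proving readability while privileges are still dropped, e.g. `open(path, "rb").close()` inside the `with` block, or better, keeping that descriptor and reading from it. The enclosing function starts and ends outside the hunk, so how `path` is used there needs confirming.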