* apt-pkg/deb/dpkgpm.cc:

[apt.git] / apt-pkg / contrib / fileutl.cc

diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc
index 2b7e25080ef52578fbf672331a0e549ec5476073..4240d9f4930b004828b201d72dd7395161060a8d 100644 (file)
--- a/apt-pkg/contrib/fileutl.cc
+++ b/apt-pkg/contrib/fileutl.cc
@@ -138,7 +138,9 @@ bool CopyFile(FileFd &From,FileFd &To)
    close at some time. */
 int GetLock(string File,bool Errors)
 {
-   int FD = open(File.c_str(),O_RDWR | O_CREAT | O_TRUNC,0640);
+   // GetLock() is used in aptitude on directories with public-write access
+   // Use O_NOFOLLOW here to prevent symlink traversal attacks
+   int FD = open(File.c_str(),O_RDWR | O_CREAT | O_NOFOLLOW,0640);
    if (FD < 0)
    {
       // Read only .. cant have locking problems there.
@@ -448,8 +450,13 @@ bool ExecWait(pid_t Pid,const char *Name,bool Reap)
    {
       if (Reap == true)
         return false;
-      if (WIFSIGNALED(Status) != 0 && WTERMSIG(Status) == SIGSEGV)
-        return _error->Error(_("Sub-process %s received a segmentation fault."),Name);
+      if (WIFSIGNALED(Status) != 0)
+      {
+        if( WTERMSIG(Status) == SIGSEGV)
+           return _error->Error(_("Sub-process %s received a segmentation fault."),Name);
+        else 
+           return _error->Error(_("Sub-process %s received signal %u."),Name, WTERMSIG(Status));
+      }
 
       if (WIFEXITED(Status) != 0)
         return _error->Error(_("Sub-process %s returned an error code (%u)"),Name,WEXITSTATUS(Status));