X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/187b88d8d90ee10b2e2e14ba762be2fdd9fce744..17745b02462bfbc0f1e8e5b2a062d887280345ea:/apt-pkg/contrib/fileutl.cc?ds=sidebyside diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc index 2b7e25080..a5976cf3a 100644 --- a/apt-pkg/contrib/fileutl.cc +++ b/apt-pkg/contrib/fileutl.cc @@ -138,7 +138,9 @@ bool CopyFile(FileFd &From,FileFd &To) close at some time. */ int GetLock(string File,bool Errors) { - int FD = open(File.c_str(),O_RDWR | O_CREAT | O_TRUNC,0640); + // GetLock() is used in aptitude on directories with public-write access + // Use O_NOFOLLOW here to prevent symlink traversal attacks + int FD = open(File.c_str(),O_RDWR | O_CREAT | O_NOFOLLOW,0640); if (FD < 0) { // Read only .. cant have locking problems there.