authorDaniel Burrows <dburrows@debian.org>2011-03-29 21:43:30 -0700
committerDaniel Burrows <dburrows@debian.org>2011-03-29 21:43:30 -0700
commit4a021fb5d4963d4e0756fcc182223b05939062d6 (patch)
tree74cdf662cf28aefdddd6f6a78ee02c8c40c0167e /src
parent43788bafdc2720aad62274c782fd4f8d88a12f19 (diff)
Don't clobber a fixed-name file in /tmp if the user's home directory isn't set. (Closes: #612034)
Ew ew ew ew ew. Now I have to cut a security update :( I almost wonder if it's worth just dropping the hierarchy editor entirely; probably no-one uses it and there are probably more bugs hiding there (albeit hopefully not security-related).
Diffstat (limited to 'src')
-rw-r--r--src/edit_pkg_hier.cc14
1 files changed, 8 insertions, 6 deletions
diff --git a/src/edit_pkg_hier.cc b/src/edit_pkg_hier.cc
index 7189580e..213a97f6 100644
--- a/src/edit_pkg_hier.cc
+++ b/src/edit_pkg_hier.cc
@@ -1,6 +1,6 @@
// edit_pkg_hier.cc
//
-// Copyright (C) 2000-2001, 2004-2006 Daniel Burrows
+// Copyright (C) 2000-2001, 2004-2006, 2011 Daniel Burrows
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License as
@@ -332,18 +332,20 @@ bool hier_editor::handle_key(const cw::config::key &k)
if(cw::config::global_bindings.key_matches(k, "SaveHier"))
{
string homedir = get_homedir();
- string cfgfile;
if(homedir.empty())
{
- show_message(_("Unable to look up your home directory, saving to /tmp/function_pkgs!"),
+ // This normally will not happen. Don't default to a fixed
+ // filename to prevent symlink attacks. (Debian bug #612034)
+ show_message(_("Unable to look up your home directory!"),
NULL,
cw::get_style("Error"));
- cfgfile = "/tmp/function_pkgs";
}
else
- cfgfile = homedir + "/.aptitude/function_pkgs";
- save_hier(cfgfile);
+ {
+ string cfgfile = homedir + "/.aptitude/function_pkgs";
+ save_hier(cfgfile);
+ }
}
else if(cw::config::global_bindings.key_matches(k, "Quit"))
{
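Review bot: The new message in the `homedir.empty()` branch does not tell the user that the save was skipped, so someone pressing SaveHier may assume their edits were written somewhere; the text should say so, for example `show_message(_("Unable to look up your home directory; the hierarchy was not saved!"),`. Dropping the fixed `/tmp/function_pkgs` name removes the predictable-path write, but whether the remaining write to `homedir + "/.aptitude/function_pkgs"` refuses to follow a symlink depends on how `save_hier` opens the file, which is not visible in this hunk and is worth confirming, since `get_homedir()` could presumably return a directory that other users can write to. `handle_key` begins and continues outside the hunk.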