On Tue, Nov 07, 2017 at 10:21:12PM +0100, Bram Moolenaar wrote: > Thanks. The temp file is safe, since only the user can read the temp > directory, but since it's move to the right place with a rename.
Hello, I don't understand what you're saying here. Do you mean the creation of the temp file in the fallback path is safe because it's created in the vim temp directory which is only readable by the user? But when it's renamed outside it's an issue (as described above in the patch) because then the file which is readable by all users becomes visible? > Can you write a test for this? I don't know how. It's a race condition which is difficult to reproduce (file must not exist during mch_stat, but exist during mch_open). >> However this patch won't help users which were already affected >> by this race condition as write_viminfo() retains the permissions >> of an existing viminfo. As the use-case for a viminfo readable by >> others doesn't seem very relevant to me, I recommend changing the >> viminfo code to always enforce 0600 permissions to prevent this >> kind of information leak (for affected users and in general). > > I wonder if this would ever cause problems. I can't think of something. Sounds good, I'll attach a second patch which will change the behavior and enforce 0600. Regards Simon -- + privacy is necessary + using gnupg http://gnupg.org + public key id: 0x92FEFDB7E44C32F9 -- -- You received this message from the "vim_dev" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php --- You received this message because you are subscribed to the Google Groups "vim_dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
