Making viminfo readable by other users is most likely not useful. To
prevent information leakage, enforce mode 0600.
The race condition fixed in the last patch could also cause viminfo
files to be readable by other users. Enforcing mode 0600 restores the
originally intended permissions.
---
Hello,
Updated patch which also updates the documentation.
I still think this is a very rarely used feature which can be
replaced by a more secure setting.
What do you think?
Regards
Simon
runtime/doc/starting.txt | 4 ----
src/ex_cmds.c | 14 +-------------
2 files changed, 1 insertion(+), 17 deletions(-)
diff --git a/runtime/doc/starting.txt b/runtime/doc/starting.txt
index f59c9fa59..9250eaa3b 100644
--- a/runtime/doc/starting.txt
+++ b/runtime/doc/starting.txt
@@ -1528,10 +1528,6 @@ Notes for Unix:
- The file protection for the viminfo file will be set to prevent other users
from being able to read it, because it may contain any text or commands that
you have worked with.
-- If you want to share the viminfo file with other users (e.g. when you "su"
- to another user), you can make the file writable for the group or everybody.
- Vim will preserve this when writing new viminfo files. Be careful, don't
- allow just anybody to read and write your viminfo file!
- Vim will not overwrite a viminfo file that is not writable by the current
"real" user. This helps for when you did "su" to become root, but your
$HOME is still set to a normal user's home directory. Otherwise Vim would
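Review bot: The removed "If you want to share the viminfo file with other users" paragraph leaves the notes silent about the behaviour change. The remaining first bullet only says the protection "will be set to prevent other users from being able to read it". A user who previously made the file group-writable gets no hint that Vim no longer preserves that. Suggest adding one sentence to that bullet stating that the viminfo file is always written with mode 0600 and that wider permissions on an existing file are not kept.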
diff --git a/src/ex_cmds.c b/src/ex_cmds.c
index cc50409cf..c250a784f 100644
--- a/src/ex_cmds.c
+++ b/src/ex_cmds.c
@@ -1984,21 +1984,9 @@ write_viminfo(char_u *file, int forceit)
#else
int fd;
- /* Use mch_open() to be able to use O_NOFOLLOW and set file
- * protection:
- * Unix: same as original file, but strip s-bit. Reset umask to
- * avoid it getting in the way.
- * Others: r&w for user only. */
-# ifdef UNIX
- umask_save = umask(0);
- fd = mch_open((char *)tempname,
- O_CREAT|O_EXTRA|O_EXCL|O_WRONLY|O_NOFOLLOW,
- (int)((st_old.st_mode & 0777) | 0600));
- (void)umask(umask_save);
-# else
+ /* Use mch_open() to be able to use O_NOFOLLOW. */
fd = mch_open((char *)tempname,
O_CREAT|O_EXTRA|O_EXCL|O_WRONLY|O_NOFOLLOW, 0600);
-# endif
if (fd < 0)
fp_out = NULL;
else
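Review bot: umask_save loses its only visible uses here (the removed `umask_save = umask(0);` and `(void)umask(umask_save);`), and the diffstat accounts for all 14 changed lines of src/ex_cmds.c within this hunk, so the variable's declaration stays behind. Please remove the declaration as well, or confirm it is still used elsewhere, to avoid an unused-variable warning on Unix builds. Separately, 0600 is now passed to mch_open() without resetting the umask; since the umask can only clear bits this cannot make the file more permissive, but the shortened comment could say so, given that the old comment explained the umask handling explicitly.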
--
2.15.0
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9