On Wed, Nov 15, 2017 at 10:08:47PM +0100, Bram Moolenaar wrote:
>> However all that is totally unrelated to the issue the patch
>> mentioned above tries to fix! (My sentence "It's required to fix
>> the race condition." wasn't perfectly precise, the patch doesn't
>> fix the race condition, it only ensures that under the mentioned
>> race condition the viminfo doesn't get readable by all users.)
>>
>> The issue is that all code paths writing the viminfo file enforce
>> strict permissions (only readable by the user unless the old
>> viminfo already allows broader access) except one (which the
>> patch corrects). So first the places where the code correctly
>> enforces the permissions:
>>
>>     #if defined(UNIX) || defined(VMS)
>>             /*
>>              * For Unix we create the .viminfo non-accessible for others,
>>              * because it may contain text from non-accessible documents.
>>              */
>>             umask_save = umask(077);
>>     #endif
>>             fp_out = mch_fopen((char *)fname, WRITEBIN);
>>     #if defined(UNIX) || defined(VMS)
>>             (void)umask(umask_save);
>>     #endif
>>
>> Correct permissions by using strict umask.
>>
>>     #ifdef VMS
>>                 /* fdopen() fails for some reason */
>>                 umask_save = umask(077);
>>                 fp_out = mch_fopen((char *)tempname, WRITEBIN);
>>                 (void)umask(umask_save);
>>     #else
>>                 int fd;
>>
>>                 /* Use mch_open() to be able to use O_NOFOLLOW and set file
>>                  * protection:
>>                  * Unix: same as original file, but strip s-bit.  Reset umask to
>>                  * avoid it getting in the way.
>>                  * Others: r&w for user only. */
>>     # ifdef UNIX
>>                 umask_save = umask(0);
>>                 fd = mch_open((char *)tempname,
>>                         O_CREAT|O_EXTRA|O_EXCL|O_WRONLY|O_NOFOLLOW,
>>                                            (int)((st_old.st_mode & 0777) | 0600));
>>                 (void)umask(umask_save);
>>     # else
>>                 fd = mch_open((char *)tempname,
>>                                 O_CREAT|O_EXTRA|O_EXCL|O_WRONLY|O_NOFOLLOW, 0600);
>>     # endif
>>
>> Correct permissions either by using umask or the mode field of
>> open(2).
>>
>> However the last place which may create the viminfo is the
>> following code part (described as fallback path in the original
>> patch description):
>>
>>                 /*
>>                  * If we can't create in the same directory, try creating a
>>                  * "normal" temp file.  This is just an attempt, renaming the temp
>>                  * file might fail as well.
>>                  */
>>                 if (fp_out == NULL)
>>                 {
>>                     vim_free(tempname);
>>                     if ((tempname = vim_tempname('o', TRUE)) != NULL)
>>                         fp_out = mch_fopen((char *)tempname, WRITEBIN);
>>                 }
>>
>> Note that no care is taken to prevent the file from becoming
>> readable for all users! This is what my patch intends to fix.
>
> Yes, that's the missing part.

So, could you please apply my patch? I noticed it's still missing
from the Vim repository.

Regards
Simon
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
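
The difference between the umask-guarded code paths and the unguarded fallback quoted above, as an added example that is not part of the original message or of Vim's source: it creates a file with plain fopen() under two umasks and reports the resulting permission bits. The helper names, the /tmp directory name and the 022 umask are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create `name` in a fresh private directory with fopen() while the process
 * umask is `mask`; return the file's permission bits, or -1 on error.
 * fopen() always requests mode 0666, so only the umask narrows it. */
static int fopen_mode_under_umask(const char *name, mode_t mask)
{
    char dir[64], path[128];
    struct stat st;
    mode_t saved;
    FILE *fp;
    int mode = -1;

    /* Constructed scratch directory; mkdir() fails rather than reusing
     * an existing entry, and 0700 keeps other users out. */
    snprintf(dir, sizeof(dir), "/tmp/viminfo-demo-%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0)
        return -1;
    snprintf(path, sizeof(path), "%s/%s", dir, name);

    saved = umask(mask);        /* same save/restore pattern as the quoted code */
    fp = fopen(path, "wb");
    (void)umask(saved);

    if (fp != NULL) {
        fclose(fp);
        if (stat(path, &st) == 0)
            mode = (int)(st.st_mode & 0777);
        unlink(path);
    }
    rmdir(dir);
    return mode;
}

/* Fallback path as quoted: bare fopen() under an assumed user umask of 022. */
int unguarded_mode(void) { return fopen_mode_under_umask("fallback", 022); }

/* Same fopen() wrapped in umask(077), as the first quoted code path does. */
int guarded_mode(void) { return fopen_mode_under_umask("guarded", 077); }

int main(void)
{
    printf("unguarded: %04o\n", (unsigned)unguarded_mode());
    printf("guarded:   %04o\n", (unsigned)guarded_mode());
    return 0;
}
```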
