r1661 - trunk/vim

robert Sun, 27 Aug 2006 10:49:35 -0700

Author: robert
Date: 2006-08-27 11:49:06 -0600 (Sun, 27 Aug 2006)
New Revision: 1661


Added:
   trunk/vim/vim-7.0-hardened_tmp-1.patch
Log:
Added vim-7.0-hardened_tmp-1.patch

Added: trunk/vim/vim-7.0-hardened_tmp-1.patch
===================================================================
--- trunk/vim/vim-7.0-hardened_tmp-1.patch                              (rev 0)
+++ trunk/vim/vim-7.0-hardened_tmp-1.patch      2006-08-27 17:49:06 UTC (rev 
1661)
@@ -0,0 +1,108 @@
+Submitted By: Robert Connolly <robert at linuxfromscratch dot org> (ashes)
+Date: 2006-08-27
+Initial Package Version: 7.0
+Upstream Status: Not submitted
+Origin: Openwall Owl Linux - vim-6.4-owl-tmp.diff
+Description: This patch modifies Vim with paranoid temporary file creation.
+
+diff -Naur vim70.orig/runtime/tools/vimspell.sh vim70/runtime/tools/vimspell.sh
+--- vim70.orig/runtime/tools/vimspell.sh       2005-02-03 17:20:48.000000000 
+0000
++++ vim70/runtime/tools/vimspell.sh    2006-08-27 17:28:23.000000000 +0000
+@@ -16,7 +16,7 @@
+ 
+ INFILE=$1
+ tmp="${TMPDIR-/tmp}"
+-OUTFILE=`mktemp -t vimspellXXXXXX || tempfile -p vimspell || echo none`
++OUTFILE="`mktemp -t vimspell.XXXXXXXXXX`" || exit
+ # If the standard commands failed then create the file
+ # since we cannot create a directory (we cannot remove it on exit)
+ # create a file in the safest way possible.
+diff -Naur vim70.orig/src/configure.in vim70/src/configure.in
+--- vim70.orig/src/configure.in        2006-05-04 10:46:11.000000000 +0000
++++ vim70/src/configure.in     2006-08-27 17:26:37.000000000 +0000
+@@ -626,7 +626,7 @@
+       dnl    see what the interpreter is built from
+       AC_CACHE_VAL(vi_cv_path_python_plibs,
+       [
+-          tmp_mkf="/tmp/Makefile-conf$$"
++          tmp_mkf="`pwd`/Makefile-conf$$"
+           cat ${PYTHON_CONFDIR}/Makefile - <<'eof' >${tmp_mkf}
+ __:
+       @echo "python_MODLIBS='$(MODLIBS)'"
+diff -Naur vim70.orig/src/fileio.c vim70/src/fileio.c
+--- vim70.orig/src/fileio.c    2006-04-30 15:28:57.000000000 +0000
++++ vim70/src/fileio.c 2006-08-27 17:32:53.000000000 +0000
+@@ -3303,26 +3303,16 @@
+               /*
+                * Check if we can create a file and set the owner/group to
+                * the ones from the original file.
+-               * First find a file name that doesn't exist yet (use some
+-               * arbitrary numbers).
+                */
+-              STRCPY(IObuff, fname);
+-              for (i = 4913; ; i += 123)
+-              {
+-                  sprintf((char *)gettail(IObuff), "%d", i);
+-                  if (mch_lstat((char *)IObuff, &st) < 0)
+-                      break;
+-              }
+-              fd = mch_open((char *)IObuff,
+-                                  O_CREAT|O_WRONLY|O_EXCL|O_NOFOLLOW, perm);
++              sprintf((char *)IObuff, "%s.XXXXXX", fname);
++              fd = mkstemp((char *)IObuff);
+               if (fd < 0)     /* can't write in directory */
+                   backup_copy = TRUE;
+               else
+               {
+ # ifdef UNIX
+-#  ifdef HAVE_FCHOWN
+-                  fchown(fd, st_old.st_uid, st_old.st_gid);
+-#  endif
++                  if (fchown(fd, st_old.st_uid, st_old.st_gid) == 0)
++                      fchmod(fd, perm);
+                   if (mch_stat((char *)IObuff, &st) < 0
+                           || st.st_uid != st_old.st_uid
+                           || st.st_gid != st_old.st_gid
+diff -Naur vim70.orig/src/vimtutor vim70/src/vimtutor
+--- vim70.orig/src/vimtutor    2004-06-07 14:32:27.000000000 +0000
++++ vim70/src/vimtutor 2006-08-27 17:26:37.000000000 +0000
+@@ -10,34 +10,14 @@
+ xx=$1
+ export xx
+ 
+-# We need a temp file for the copy.  First try using a standard command.
+-tmp="${TMPDIR-/tmp}"
+-TUTORCOPY=`mktemp $tmp/tutorXXXXXX || tempfile -p tutor || echo none`
+-
+-# If the standard commands failed then create a directory to put the copy in.
+-# That is a secure way to make a temp file.
+-if test "$TUTORCOPY" = none; then
+-      tmpdir=$tmp/vimtutor$$
+-      OLD_UMASK=`umask`
+-      umask 077
+-      getout=no
+-      mkdir $tmpdir || getout=yes
+-      umask $OLD_UMASK
+-      if test $getout = yes; then
+-              echo "Could not create directory for tutor copy, exiting."
+-              exit 1
+-      fi
+-      TUTORCOPY=$tmpdir/tutorcopy
+-      touch $TUTORCOPY
+-      TODELETE=$tmpdir
+-else
+-      TODELETE=$TUTORCOPY
+-fi
+-
++# We need a temp file for the copy.
++TUTORCOPY="`mktemp -t vimtutor.XXXXXXXXXX`" || exit
+ export TUTORCOPY
+ 
+ # remove the copy of the tutor on exit
+-trap "rm -rf $TODELETE" 0 1 2 3 9 11 13 15
++trap 'rm -f -- "$TUTORCOPY"' EXIT
++trap 'trap - EXIT; rm -f -- "$TUTORCOPY"; exit 1' HUP INT QUIT TERM
++
+ 
+ # Vim could be called "vim" or "vi".  Also check for "vim6", for people who
+ # have Vim 5.x installed as "vim" and Vim 6.0 as "vim6".

-- 
http://linuxfromscratch.org/mailman/listinfo/patches
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page

r1661 - trunk/vim

Reply via email to