If /tmp/vi.recover doesn't exist (this shouldn't actually happen), the
first user who starts vi creates it and tries to set its permissions to
01777. The sticky bit isn't set because of pledge.
Instead of creating the directory, warn once that the vi.recover
directory doesn't exist, afterwards fail silently.
Index: common/recover.c
===================================================================
RCS file: /var/cvs/src/usr.bin/vi/common/recover.c,v
retrieving revision 1.24
diff -u -p -r1.24 recover.c
--- common/recover.c 30 Jan 2016 21:23:50 -0000 1.24
+++ common/recover.c 29 Jun 2016 20:13:40 -0000
@@ -122,29 +122,24 @@ int
rcv_tmp(SCR *sp, EXF *ep, char *name)
{
struct stat sb;
+ static int warned = 0;
int fd;
char *dp, *p, path[PATH_MAX];
/*
* !!!
* ep MAY NOT BE THE SAME AS sp->ep, DON'T USE THE LATTER.
- *
- *
- * If the recovery directory doesn't exist, try and create it. As
- * the recovery files are themselves protected from reading/writing
- * by other than the owner, the worst that can happen is that a user
- * would have permission to remove other user's recovery files. If
- * the sticky bit has the BSD semantics, that too will be impossible.
*/
if (opts_empty(sp, O_RECDIR, 0))
goto err;
dp = O_STR(sp, O_RECDIR);
if (stat(dp, &sb)) {
- if (errno != ENOENT || mkdir(dp, 0)) {
+ if (!warned) {
+ warned = 1;
msgq(sp, M_SYSERR, "%s", dp);
goto err;
}
- (void)chmod(dp, S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX);
+ return 1;
}
/* Newlines delimit the mail messages. */
