Yukihiro Nakadaira wrote:

> Danek Duvall wrote:
> > On Wed, Jun 08, 2011 at 06:38:14AM +0200, Bram Moolenaar wrote:
> >
> >> Yasuhiro Matsumoto wrote:
> >>
> >>>> On Unix it uses sockets?  How does it protect from other users
> >>>> sending commands to my Vim?
> >>>
> >>> Yes, it uses a unix domain socket. this control in
> >>> /tmp/vim-cmdsrv-UID-SERVERID on unix. And it is set permission 0600.
> >>> For windows, it use named pipe. This is provided for the user. i.e.
> >>> serverlist() is listing the files /tmp/vim-cmd-....
> >>
> >> This it's sure that only the user himself can access the Vim instance,
> >> right?
> >
> > I know on Solaris, and I believe on Linux, at least at one point in the
> > past, the permissions on the socket itself don't actually prevent anyone
> > from reading or writing.  The only protection comes from putting the socket
> > inside a directory that's inaccessible to anyone but the intended user(s).
> >
> > Solaris has a getpeerucred() function which allows a program to get the
> > credential information about a socket's peer, but I don't know if other
> > OSes have any equivalents.
>
> Thank you for your review.
>
> I fixed the problem as
> - Create per user directory with 0700 and store sockets in it.
>   (/tmp/vim-cmdsrv-UID/SERVERID)

Vim already creates a private directory for temp files.  But it's
different for each Vim instance, do you need one for each user?

> - Check peer's credentials with OS specific method if possible.
>   (getpeerucred(), getpeereid(), LOCAL_PEERCRED or SO_PEERCRED)
>
> I tested it with Ubuntu 11.04, OpenSolaris 2009.06 and FreeBSD 8.2.
>
> src/configure.in was modified for getpeerucred() and getpeereid().  But
> src/auto/configure is not updated yet.
>
> --
> Yukihiro Nakadaira - [email protected]
>
> --
> You received this message from the "vim_dev" maillist.
> Do not top-post! Type your reply below the text you are replying to.
> For more information, visit http://www.vim.org/maillist.php

--
hundred-and-one symptoms of being an internet addict:
163. You go outside for the fresh air (at -30 degrees) but open the
     window first to hear new mail arrive.

 /// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
