Bram Moolenaar wrote:
Yukihiro Nakadaira wrote:
Danek Duvall wrote:
On Wed, Jun 08, 2011 at 06:38:14AM +0200, Bram Moolenaar wrote:
Yasuhiro Matsumoto wrote:
On Unix it uses sockets? How does it protect from other users
sending commands to my Vim?
Yes, it uses a Unix domain socket. This is controlled in
/tmp/vim-cmdsrv-UID-SERVERID on Unix, and it is set to permission 0600.
For Windows, it uses a named pipe. This is provided for the user, i.e.
serverlist() lists the files /tmp/vim-cmd-....
Thus it's sure that only the user himself can access the Vim instance,
right?
I know on Solaris, and I believe on Linux, at least at one point in the
past, the permissions on the socket itself don't actually prevent anyone
from reading or writing. The only protection comes from putting the socket
inside a directory that's inaccessible to anyone but the intended user(s).
Solaris has a getpeerucred() function which allows a program to get the
credential information about a socket's peer, but I don't know if other
OSes have any equivalents.
Thank you for your review.
I fixed the problem as
- Create a per-user directory with 0700 and store sockets in it.
(/tmp/vim-cmdsrv-UID/SERVERID)
Vim already creates a private directory for temp files. But it's
different for each Vim instance, do you need one for each user?
Using a per-user directory with a fixed name makes it easy to list and access
Vim servers. It makes it simple to map server-id to socket path and vice versa.
--
Yukihiro Nakadaira - [email protected]
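
The per-user directory scheme discussed in this thread, as an added example that is not Vim's code or any poster's patch: because the directory name is fixed and predictable, it is validated (real directory, owned by the caller, no group/other bits) before a socket is bound inside it. The function names and the `base` parameter are assumptions for illustration; the layout `vim-cmdsrv-UID/SERVERID` follows the message above.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Create or validate BASE/vim-cmdsrv-UID as a directory only we can enter.
 * BASE is a parameter only so the example can be pointed at a scratch dir.
 * Returns 0 if the directory can be trusted, -1 otherwise. */
int private_dir(const char *base, char *out, size_t outlen)
{
    struct stat st;
    int n = snprintf(out, outlen, "%s/vim-cmdsrv-%lu", base,
                     (unsigned long)getuid());
    if (n < 0 || (size_t)n >= outlen) return -1;
    if (mkdir(out, 0700) != 0 && errno != EEXIST) return -1;
    /* The name is predictable, so someone else may have created it first.
     * lstat() so a planted symlink is seen as a symlink, not followed. */
    if (lstat(out, &st) != 0 || !S_ISDIR(st.st_mode)) return -1;
    if (st.st_uid != getuid()) return -1;               /* not ours */
    if (st.st_mode & (S_IRWXG | S_IRWXO)) return -1;    /* group/other access */
    return 0;
}

/* Bind a listening socket at BASE/vim-cmdsrv-UID/SERVER_ID; fd or -1. */
int listen_in_private_dir(const char *base, const char *server_id)
{
    char dir[80];
    struct sockaddr_un sa;
    int fd, n;
    if (*server_id == '\0' || strchr(server_id, '/')) return -1; /* stay inside dir */
    if (private_dir(base, dir, sizeof dir) != 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    n = snprintf(sa.sun_path, sizeof sa.sun_path, "%s/%s", dir, server_id);
    if (n < 0 || (size_t)n >= sizeof sa.sun_path) return -1;
    unlink(sa.sun_path);            /* stale socket from an earlier run */
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0 || listen(fd, 5) != 0) {
        close(fd);
        return -1;
    }
    chmod(sa.sun_path, 0600);       /* secondary only; the directory is the gate */
    return fd;
}
```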