Simon Ruderich wrote:
> On Tue, Nov 07, 2017 at 10:21:12PM +0100, Bram Moolenaar wrote:
> > Thanks. The temp file is safe, since only the user can read the temp
> > directory, but since it's move to the right place with a rename.
>
> Hello,
>
> I don't understand what you're saying here. Do you mean the
> creation of the temp file in the fallback path is safe because
> it's created in the vim temp directory which is only readable by
> the user? But when it's renamed outside it's an issue (as
> described above in the patch) because then the file which is
> readable by all users becomes visible?
Yes.
> > Can you write a test for this?
>
> I don't know how. It's a race condition which is difficult to
> reproduce (file must not exist during mch_stat, but exist during
> mch_open).
I think you can simulate this by creating the viminfo.tmp file with no
access for the current user. Then mch_stat() fails but creating the
file also fails.
> >> However this patch won't help users which were already affected
> >> by this race condition as write_viminfo() retains the permissions
> >> of an existing viminfo. As the use-case for a viminfo readable by
> >> others doesn't seem very relevant to me, I recommend changing the
> >> viminfo code to always enforce 0600 permissions to prevent this
> >> kind of information leak (for affected users and in general).
> >
> > I wonder if this would ever cause problems. I can't think of something.
>
> Sounds good, I'll attach a second patch which will change the
> behavior and enforce 0600.
I'm awaiting comments.
--
ARTHUR: It is I, Arthur, son of Uther Pendragon, from the castle of Camelot.
King of all Britons, defeator of the Saxons, sovereign of all England!
[Pause]
SOLDIER: Get away!
"Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
