aniani/vim
0
0
Fork 1
mirror of https://github.com/vim/vim.git synced 2025-09-28 04:24:06 -04:00
Code Activity

patch 8.0.1263: others can read the swap file if a user is careless

Browse Source 
Problem:    Others can read the swap file if a user is careless with his
            primary group.
Solution:   If the group permission allows for reading but the world
            permissions doesn't, make sure the group is right.
This commit is contained in:
Bram Moolenaar
2017-11-04 21:35:01 +01:00
parent 7dd88c5133
commit 5a73e0ca54
4 changed files with 99 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/Makefile
View File

@@ -2259,6 +2259,7 @@ test_arglist \
test_stat \ test_stat \
test_statusline \ test_statusline \
test_substitute \ test_substitute \
test_swap \
test_syn_attr \ test_syn_attr \
test_syntax \ test_syntax \
test_system \ test_system \

24
src/fileio.c
View File

@@ -716,7 +716,29 @@ readfile(
/* Set swap file protection bits after creating it. */ /* Set swap file protection bits after creating it. */
if (swap_mode > 0 && curbuf->b_ml.ml_mfp != NULL if (swap_mode > 0 && curbuf->b_ml.ml_mfp != NULL
&& curbuf->b_ml.ml_mfp->mf_fname != NULL) && curbuf->b_ml.ml_mfp->mf_fname != NULL)
(void)mch_setperm(curbuf->b_ml.ml_mfp->mf_fname, (long)swap_mode); {
char_u *swap_fname = curbuf->b_ml.ml_mfp->mf_fname;
/*
* If the group-read bit is set but not the world-read bit, then
* the group must be equal to the group of the original file. If
* we can't make that happen then reset the group-read bit. This
* avoids making the swap file readable to more users when the
* primary group of the user is too permissive.
*/
if ((swap_mode & 044) == 040)
{
stat_T swap_st;
if (mch_stat((char *)swap_fname, &swap_st) >= 0
&& st.st_gid != swap_st.st_gid
&& fchown(curbuf->b_ml.ml_mfp->mf_fd, -1, st.st_gid)
== -1)
swap_mode &= 0600;
}
(void)mch_setperm(swap_fname, (long)swap_mode);
}
#endif #endif
} }

112
src/testdir/test_swap.vim
View File

@@ -1,48 +1,82 @@
" Tests for the swap feature " Tests for the swap feature
" Tests for 'directory' option. "" Tests for 'directory' option.
func Test_swap_directory() "func Test_swap_directory()
" if !has("unix")
" return
" endif
" let content = ['start of testfile',
" \ 'line 2 Abcdefghij',
" \ 'line 3 Abcdefghij',
" \ 'end of testfile']
" call writefile(content, 'Xtest1')
"
" " '.', swap file in the same directory as file
" set dir=.,~
"
" " Verify that the swap file doesn't exist in the current directory
" call assert_equal([], glob(".Xtest1*.swp", 1, 1, 1))
" edit Xtest1
" let swfname = split(execute("swapname"))[0]
" call assert_equal([swfname], glob(swfname, 1, 1, 1))
"
" " './dir', swap file in a directory relative to the file
" set dir=./Xtest2,.,~
"
" call mkdir("Xtest2")
" edit Xtest1
" call assert_equal([], glob(swfname, 1, 1, 1))
" let swfname = "Xtest2/Xtest1.swp"
" call assert_equal(swfname, split(execute("swapname"))[0])
" call assert_equal([swfname], glob("Xtest2/*", 1, 1, 1))
"
" " 'dir', swap file in directory relative to the current dir
" set dir=Xtest.je,~
"
" call mkdir("Xtest.je")
" call writefile(content, 'Xtest2/Xtest3')
" edit Xtest2/Xtest3
" call assert_equal(["Xtest2/Xtest3"], glob("Xtest2/*", 1, 1, 1))
" let swfname = "Xtest.je/Xtest3.swp"
" call assert_equal(swfname, split(execute("swapname"))[0])
" call assert_equal([swfname], glob("Xtest.je/*", 1, 1, 1))
"
" set dir&
" call delete("Xtest1")
" call delete("Xtest2", "rf")
" call delete("Xtest.je", "rf")
"endfunc
func Test_swap_group()
if !has("unix") if !has("unix")
return return
endif endif
let content = ['start of testfile', let groups = split(system('groups'))
\ 'line 2 Abcdefghij', if len(groups) <= 1
\ 'line 3 Abcdefghij', throw 'Skipped: need at least two groups, got ' . groups
\ 'end of testfile'] endif
call writefile(content, 'Xtest1')
" '.', swap file in the same directory as file call delete('Xtest')
set dir=.,~ split Xtest
call setline(1, 'just some text')
wq
if system('ls -l Xtest') !~ ' ' . groups[0] . ' \d'
throw 'Skipped: test file does not have the first group'
else
silent !chmod 640 Xtest
call system('chgrp ' . groups[1] . ' Xtest')
if system('ls -l Xtest') !~ ' ' . groups[1] . ' \d'
throw 'Skipped: cannot set second group on test file'
else
split Xtest
let swapname = substitute(execute('swapname'), '[[:space:]]', '', 'g')
call assert_match('Xtest', swapname)
" Group of swapfile must now match original file.
call assert_match(' ' . groups[1] . ' \d', system('ls -l ' . swapname))
" Verify that the swap file doesn't exist in the current directory bwipe!
call assert_equal([], glob(".Xtest1*.swp", 1, 1, 1)) endif
edit Xtest1 endif
let swfname = split(execute("swapname"))[0]
call assert_equal([swfname], glob(swfname, 1, 1, 1))
" './dir', swap file in a directory relative to the file call delete('Xtest')
set dir=./Xtest2,.,~
call mkdir("Xtest2")
edit Xtest1
call assert_equal([], glob(swfname, 1, 1, 1))
let swfname = "Xtest2/Xtest1.swp"
call assert_equal(swfname, split(execute("swapname"))[0])
call assert_equal([swfname], glob("Xtest2/*", 1, 1, 1))
" 'dir', swap file in directory relative to the current dir
set dir=Xtest.je,~
call mkdir("Xtest.je")
call writefile(content, 'Xtest2/Xtest3')
edit Xtest2/Xtest3
call assert_equal(["Xtest2/Xtest3"], glob("Xtest2/*", 1, 1, 1))
let swfname = "Xtest.je/Xtest3.swp"
call assert_equal(swfname, split(execute("swapname"))[0])
call assert_equal([swfname], glob("Xtest.je/*", 1, 1, 1))
set dir&
call delete("Xtest1")
call delete("Xtest2", "rf")
call delete("Xtest.je", "rf")
endfunc endfunc

2
src/version.c
View File

@@ -761,6 +761,8 @@ static char *(features[]) =
static int included_patches[] = static int included_patches[] =
{ /* Add new patch number below this line */ { /* Add new patch number below this line */
/**/
1263,
/**/ /**/
1262, 1262,
/**/ /**/