Mercurial > vim

changeset 12820:63d87ba12c34 v8.0.1287

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 8.0.1287: temp file used for viminfo may have wrong permissions commit https://github.com/vim/vim/commit/aeeb6888ca3ee5122793b37c5aacc6c960b02c37 Author: Bram Moolenaar <Bram@vim.org> Date: Sat Nov 11 16:45:19 2017 +0100 patch 8.0.1287: temp file used for viminfo may have wrong permissions Problem: The temp file used when updating the viminfo file may have the wrong permissions if setting the group fails. Solution: Check if the group matches and reduce permissions if not.
author Christian Brabandt <cb@256bit.org>
date Sat, 11 Nov 2017 17:00:05 +0100
parents 04dd96dfff4c
children 4d335cbf1a6d
files src/ex_cmds.c src/version.c
diffstat 2 files changed, 26 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/src/ex_cmds.c
+++ b/src/ex_cmds.c
@@ -2007,7 +2007,8 @@ write_viminfo(char_u *file, int forceit)
 
 	    /*
 	     * If we can't create in the same directory, try creating a
-	     * "normal" temp file.
+	     * "normal" temp file.  This is just an attempt, renaming the temp
+	     * file might fail as well.
 	     */
 	    if (fp_out == NULL)
 	    {
@@ -2018,11 +2019,29 @@ write_viminfo(char_u *file, int forceit)
 
 #if defined(UNIX) && defined(HAVE_FCHOWN)
 	    /*
-	     * Make sure the owner can read/write it.  This only works for
-	     * root.
+	     * Make sure the original owner can read/write the tempfile and
+	     * otherwise preserve permissions, making sure the group matches.
 	     */
 	    if (fp_out != NULL)
-		ignored = fchown(fileno(fp_out), st_old.st_uid, st_old.st_gid);
+	    {
+		stat_T	tmp_st;
+
+		if (mch_stat((char *)tempname, &tmp_st) >= 0)
+		{
+		    if (st_old.st_uid != tmp_st.st_uid)
+			/* Changing the owner might fail, in which case the
+			 * file will now owned by the current user, oh well. */
+			ignored = fchown(fileno(fp_out), st_old.st_uid, -1);
+		    if (st_old.st_gid != tmp_st.st_gid
+			    && fchown(fileno(fp_out), -1, st_old.st_gid) == -1)
+			/* can't set the group to what it should be, remove
+			 * group permissions */
+			(void)mch_setperm(tempname, 0600);
+		}
+		else
+		    /* can't stat the file, set conservative permissions */
+		    (void)mch_setperm(tempname, 0600);
+	    }
 #endif
 	}
     }
@@ -7536,7 +7555,7 @@ ex_sign(exarg_T *eap)
     int		idx;
     sign_T	*sp;
     sign_T	*sp_prev;
-    buf_T	*buf;
+    buf_T	*buf = NULL;
 
     /* Parse the subcommand. */
     p = skiptowhite(arg);
--- a/src/version.c
+++ b/src/version.c
@@ -762,6 +762,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1287,
+/**/
     1286,
 /**/
     1285,