Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
patch 8.0.1263: others can read the swap file if a user is careless
Problem: Others can read the swap file if a user is careless with his primary group. Solution: If the group permission allows for reading but the world permissions doesn't, make sure the group is right.
- Loading branch information
Showing
4 changed files
with
99 additions
and
40 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,48 +1,82 @@ | ||
" Tests for the swap feature | ||
|
||
" Tests for 'directory' option. | ||
func Test_swap_directory() | ||
"" Tests for 'directory' option. | ||
"func Test_swap_directory() | ||
" if !has("unix") | ||
" return | ||
" endif | ||
" let content = ['start of testfile', | ||
" \ 'line 2 Abcdefghij', | ||
" \ 'line 3 Abcdefghij', | ||
" \ 'end of testfile'] | ||
" call writefile(content, 'Xtest1') | ||
" | ||
" " '.', swap file in the same directory as file | ||
" set dir=.,~ | ||
" | ||
" " Verify that the swap file doesn't exist in the current directory | ||
" call assert_equal([], glob(".Xtest1*.swp", 1, 1, 1)) | ||
" edit Xtest1 | ||
" let swfname = split(execute("swapname"))[0] | ||
" call assert_equal([swfname], glob(swfname, 1, 1, 1)) | ||
" | ||
" " './dir', swap file in a directory relative to the file | ||
" set dir=./Xtest2,.,~ | ||
" | ||
" call mkdir("Xtest2") | ||
" edit Xtest1 | ||
" call assert_equal([], glob(swfname, 1, 1, 1)) | ||
" let swfname = "Xtest2/Xtest1.swp" | ||
" call assert_equal(swfname, split(execute("swapname"))[0]) | ||
" call assert_equal([swfname], glob("Xtest2/*", 1, 1, 1)) | ||
" | ||
" " 'dir', swap file in directory relative to the current dir | ||
" set dir=Xtest.je,~ | ||
" | ||
" call mkdir("Xtest.je") | ||
" call writefile(content, 'Xtest2/Xtest3') | ||
" edit Xtest2/Xtest3 | ||
" call assert_equal(["Xtest2/Xtest3"], glob("Xtest2/*", 1, 1, 1)) | ||
" let swfname = "Xtest.je/Xtest3.swp" | ||
" call assert_equal(swfname, split(execute("swapname"))[0]) | ||
" call assert_equal([swfname], glob("Xtest.je/*", 1, 1, 1)) | ||
" | ||
" set dir& | ||
" call delete("Xtest1") | ||
" call delete("Xtest2", "rf") | ||
" call delete("Xtest.je", "rf") | ||
"endfunc | ||
|
||
func Test_swap_group() | ||
if !has("unix") | ||
return | ||
endif | ||
let content = ['start of testfile', | ||
\ 'line 2 Abcdefghij', | ||
\ 'line 3 Abcdefghij', | ||
\ 'end of testfile'] | ||
call writefile(content, 'Xtest1') | ||
|
||
" '.', swap file in the same directory as file | ||
set dir=.,~ | ||
|
||
" Verify that the swap file doesn't exist in the current directory | ||
call assert_equal([], glob(".Xtest1*.swp", 1, 1, 1)) | ||
edit Xtest1 | ||
let swfname = split(execute("swapname"))[0] | ||
call assert_equal([swfname], glob(swfname, 1, 1, 1)) | ||
|
||
" './dir', swap file in a directory relative to the file | ||
set dir=./Xtest2,.,~ | ||
|
||
call mkdir("Xtest2") | ||
edit Xtest1 | ||
call assert_equal([], glob(swfname, 1, 1, 1)) | ||
let swfname = "Xtest2/Xtest1.swp" | ||
call assert_equal(swfname, split(execute("swapname"))[0]) | ||
call assert_equal([swfname], glob("Xtest2/*", 1, 1, 1)) | ||
let groups = split(system('groups')) | ||
if len(groups) <= 1 | ||
throw 'Skipped: need at least two groups, got ' . groups | ||
endif | ||
|
||
" 'dir', swap file in directory relative to the current dir | ||
set dir=Xtest.je,~ | ||
call delete('Xtest') | ||
split Xtest | ||
call setline(1, 'just some text') | ||
wq | ||
if system('ls -l Xtest') !~ ' ' . groups[0] . ' \d' | ||
throw 'Skipped: test file does not have the first group' | ||
else | ||
silent !chmod 640 Xtest | ||
call system('chgrp ' . groups[1] . ' Xtest') | ||
if system('ls -l Xtest') !~ ' ' . groups[1] . ' \d' | ||
throw 'Skipped: cannot set second group on test file' | ||
else | ||
split Xtest | ||
let swapname = substitute(execute('swapname'), '[[:space:]]', '', 'g') | ||
call assert_match('Xtest', swapname) | ||
" Group of swapfile must now match original file. | ||
call assert_match(' ' . groups[1] . ' \d', system('ls -l ' . swapname)) | ||
|
||
call mkdir("Xtest.je") | ||
call writefile(content, 'Xtest2/Xtest3') | ||
edit Xtest2/Xtest3 | ||
call assert_equal(["Xtest2/Xtest3"], glob("Xtest2/*", 1, 1, 1)) | ||
let swfname = "Xtest.je/Xtest3.swp" | ||
call assert_equal(swfname, split(execute("swapname"))[0]) | ||
call assert_equal([swfname], glob("Xtest.je/*", 1, 1, 1)) | ||
bwipe! | ||
endif | ||
endif | ||
|
||
set dir& | ||
call delete("Xtest1") | ||
call delete("Xtest2", "rf") | ||
call delete("Xtest.je", "rf") | ||
call delete('Xtest') | ||
endfunc |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
5a73e0c
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi,
I did apply this patch (only the part of src/fileio.c)
And tried to reproduce the steps I found here http://www.openwall.com/lists/oss-security/2017/10/31/15
And what I see is that swap files still are created ignoring the umask. Not sure though if those steps are the correct one to test this. Any advice here would be nice. Thanks!
5a73e0c
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note, this commit does not talk about respecting the umask. It only changes the group ownership
5a73e0c
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This has been assigned CVE-2017-17087. After careful examination, it was decided that this is a separate vulnerability from CVE-2017-1000382 and has nothing to do with the umask.
5a73e0c
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This commit does not guard the new use of fchown() in src/fileio.c. Elsewhere fchown is protected inside a "#ifdef HAVE_FCHOWN" block. I've attached a patch to this comment.
vim_guard_fchown.txt
5a73e0c
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.