To: vim_dev@googlegroups.com Subject: Patch 8.0.1263 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.0.1263 Problem: Others can read the swap file if a user is careless with his primary group. Solution: If the group permission allows for reading but the world permissions doesn't, make sure the group is right. Files: src/fileio.c, src/testdir/test_swap.vim, src/Makefile *** ../vim-8.0.1262/src/fileio.c 2017-10-28 21:08:38.979457009 +0200 --- src/fileio.c 2017-11-04 21:29:17.067642700 +0100 *************** *** 716,722 **** /* Set swap file protection bits after creating it. */ if (swap_mode > 0 && curbuf->b_ml.ml_mfp != NULL && curbuf->b_ml.ml_mfp->mf_fname != NULL) ! (void)mch_setperm(curbuf->b_ml.ml_mfp->mf_fname, (long)swap_mode); #endif } --- 716,744 ---- /* Set swap file protection bits after creating it. */ if (swap_mode > 0 && curbuf->b_ml.ml_mfp != NULL && curbuf->b_ml.ml_mfp->mf_fname != NULL) ! { ! char_u *swap_fname = curbuf->b_ml.ml_mfp->mf_fname; ! ! /* ! * If the group-read bit is set but not the world-read bit, then ! * the group must be equal to the group of the original file. If ! * we can't make that happen then reset the group-read bit. This ! * avoids making the swap file readable to more users when the ! * primary group of the user is too permissive. ! */ ! if ((swap_mode & 044) == 040) ! { ! stat_T swap_st; ! ! if (mch_stat((char *)swap_fname, &swap_st) >= 0 ! && st.st_gid != swap_st.st_gid ! && fchown(curbuf->b_ml.ml_mfp->mf_fd, -1, st.st_gid) ! == -1) ! swap_mode &= 0600; ! } ! ! (void)mch_setperm(swap_fname, (long)swap_mode); ! } #endif } *** ../vim-8.0.1262/src/testdir/test_swap.vim 2017-11-02 21:04:17.987345075 +0100 --- src/testdir/test_swap.vim 2017-11-04 21:28:36.607992132 +0100 *************** *** 1,48 **** " Tests for the swap feature ! " Tests for 'directory' option. ! func Test_swap_directory() if !has("unix") return endif ! 
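Review bot: The new group check in src/fileio.c fails open. When `mch_stat()` on the swap file returns a negative value, the `&&` chain short-circuits, `swap_mode &= 0600` is skipped, and `mch_setperm()` still applies the group-read bit although the swap file's group was never verified. Treating a failed stat like a failed chown closes that gap, e.g. `if (mch_stat((char *)swap_fname, &swap_st) < 0 || (st.st_gid != swap_st.st_gid && fchown(curbuf->b_ml.ml_mfp->mf_fd, -1, st.st_gid) == -1))`. The check also reads the group by path while `fchown()` acts on `mf_fd`; running the stat on the same descriptor would guarantee that the object inspected is the one changed. The enclosing function begins outside this hunk and `st` is filled in there, so this assumes `st.st_gid` holds the original file's group at this point.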
let content = ['start of testfile', ! \ 'line 2 Abcdefghij', ! \ 'line 3 Abcdefghij', ! \ 'end of testfile'] ! call writefile(content, 'Xtest1') ! ! " '.', swap file in the same directory as file ! set dir=.,~ ! ! " Verify that the swap file doesn't exist in the current directory ! call assert_equal([], glob(".Xtest1*.swp", 1, 1, 1)) ! edit Xtest1 ! let swfname = split(execute("swapname"))[0] ! call assert_equal([swfname], glob(swfname, 1, 1, 1)) ! ! " './dir', swap file in a directory relative to the file ! set dir=./Xtest2,.,~ ! ! call mkdir("Xtest2") ! edit Xtest1 ! call assert_equal([], glob(swfname, 1, 1, 1)) ! let swfname = "Xtest2/Xtest1.swp" ! call assert_equal(swfname, split(execute("swapname"))[0]) ! call assert_equal([swfname], glob("Xtest2/*", 1, 1, 1)) ! " 'dir', swap file in directory relative to the current dir ! set dir=Xtest.je,~ ! call mkdir("Xtest.je") ! call writefile(content, 'Xtest2/Xtest3') ! edit Xtest2/Xtest3 ! call assert_equal(["Xtest2/Xtest3"], glob("Xtest2/*", 1, 1, 1)) ! let swfname = "Xtest.je/Xtest3.swp" ! call assert_equal(swfname, split(execute("swapname"))[0]) ! call assert_equal([swfname], glob("Xtest.je/*", 1, 1, 1)) ! set dir& ! call delete("Xtest1") ! call delete("Xtest2", "rf") ! call delete("Xtest.je", "rf") endfunc --- 1,82 ---- " Tests for the swap feature ! "" Tests for 'directory' option. ! "func Test_swap_directory() ! " if !has("unix") ! " return ! " endif ! " let content = ['start of testfile', ! " \ 'line 2 Abcdefghij', ! " \ 'line 3 Abcdefghij', ! " \ 'end of testfile'] ! " call writefile(content, 'Xtest1') ! " ! " " '.', swap file in the same directory as file ! " set dir=.,~ ! " ! " " Verify that the swap file doesn't exist in the current directory ! " call assert_equal([], glob(".Xtest1*.swp", 1, 1, 1)) ! " edit Xtest1 ! " let swfname = split(execute("swapname"))[0] ! " call assert_equal([swfname], glob(swfname, 1, 1, 1)) ! " ! " " './dir', swap file in a directory relative to the file ! " set dir=./Xtest2,.,~ ! 
" ! " call mkdir("Xtest2") ! " edit Xtest1 ! " call assert_equal([], glob(swfname, 1, 1, 1)) ! " let swfname = "Xtest2/Xtest1.swp" ! " call assert_equal(swfname, split(execute("swapname"))[0]) ! " call assert_equal([swfname], glob("Xtest2/*", 1, 1, 1)) ! " ! " " 'dir', swap file in directory relative to the current dir ! " set dir=Xtest.je,~ ! " ! " call mkdir("Xtest.je") ! " call writefile(content, 'Xtest2/Xtest3') ! " edit Xtest2/Xtest3 ! " call assert_equal(["Xtest2/Xtest3"], glob("Xtest2/*", 1, 1, 1)) ! " let swfname = "Xtest.je/Xtest3.swp" ! " call assert_equal(swfname, split(execute("swapname"))[0]) ! " call assert_equal([swfname], glob("Xtest.je/*", 1, 1, 1)) ! " ! " set dir& ! " call delete("Xtest1") ! " call delete("Xtest2", "rf") ! " call delete("Xtest.je", "rf") ! "endfunc ! ! func Test_swap_group() if !has("unix") return endif ! let groups = split(system('groups')) ! if len(groups) <= 1 ! throw 'Skipped: need at least two groups, got ' . groups ! endif ! call delete('Xtest') ! split Xtest ! call setline(1, 'just some text') ! wq ! if system('ls -l Xtest') !~ ' ' . groups[0] . ' \d' ! throw 'Skipped: test file does not have the first group' ! else ! silent !chmod 640 Xtest ! call system('chgrp ' . groups[1] . ' Xtest') ! if system('ls -l Xtest') !~ ' ' . groups[1] . ' \d' ! throw 'Skipped: cannot set second group on test file' ! else ! split Xtest ! let swapname = substitute(execute('swapname'), '[[:space:]]', '', 'g') ! call assert_match('Xtest', swapname) ! " Group of swapfile must now match original file. ! call assert_match(' ' . groups[1] . ' \d', system('ls -l ' . swapname)) ! bwipe! ! endif ! endif ! 
call delete('Xtest') endfunc *** ../vim-8.0.1262/src/Makefile 2017-11-02 21:04:17.983345100 +0100 --- src/Makefile 2017-11-04 21:11:35.333940466 +0100 *************** *** 2259,2264 **** --- 2259,2265 ---- test_stat \ test_statusline \ test_substitute \ + test_swap \ test_syn_attr \ test_syntax \ test_system \ *** ../vim-8.0.1262/src/version.c 2017-11-04 20:46:35.106721408 +0100 --- src/version.c 2017-11-04 21:11:46.665874933 +0100 *************** *** 763,764 **** --- 763,766 ---- { /* Add new patch number below this line */ + /**/ + 1263, /**/ -- If you only have a hammer, you tend to see every problem as a nail. If you only have MS-Windows, you tend to solve every problem by rebooting. /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
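Review bot: In `Test_swap_group()` the skip message `'Skipped: need at least two groups, got ' . groups` concatenates a List onto a String, which Vim script rejects. On an account with a single group the test therefore raises an error instead of being reported as skipped; `string(groups)` or `join(groups)` gives the intended message. The test also asserts only the case where the group change succeeds. The security-relevant fallback in src/fileio.c, where the group-read bit is cleared because the group could not be changed, has no assertion on the swap file's mode. `Test_swap_directory()` is commented out wholesale with no stated reason, which drops the existing 'directory' coverage; a one-line comment such as `" Disabled: <reason>` would tell the next maintainer whether it is meant to come back.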