| beebedf1 |
From 5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Sat, 4 Nov 2017 21:35:01 +0100
Subject: [PATCH] patch 8.0.1263: others can read the swap file if a user is
careless
Problem: Others can read the swap file if a user is careless with his
primary group.
Solution: If the group permission allows for reading but the world
permissions doesn't, make sure the group is right.
---
src/Makefile | 1 +
src/fileio.c | 24 +++++++++-
src/testdir/test_swap.vim | 112 ++++++++++++++++++++++++++++++----------------
src/version.c | 2 +
4 files changed, 99 insertions(+), 40 deletions(-)
diff --git a/src/fileio.c b/src/fileio.c
index 87b85cf..34dcdb6 100644
--- a/src/fileio.c
+++ b/src/fileio.c
@@ -716,7 +716,29 @@ readfile(
/* Set swap file protection bits after creating it. */
if (swap_mode > 0 && curbuf->b_ml.ml_mfp != NULL
&& curbuf->b_ml.ml_mfp->mf_fname != NULL)
- (void)mch_setperm(curbuf->b_ml.ml_mfp->mf_fname, (long)swap_mode);
+ {
+ char_u *swap_fname = curbuf->b_ml.ml_mfp->mf_fname;
+
+ /*
+ * If the group-read bit is set but not the world-read bit, then
+ * the group must be equal to the group of the original file. If
+ * we can't make that happen then reset the group-read bit. This
+ * avoids making the swap file readable to more users when the
+ * primary group of the user is too permissive.
+ */
+ if ((swap_mode & 044) == 040)
+ {
+ stat_T swap_st;
+
+ if (mch_stat((char *)swap_fname, &swap_st) >= 0
+ && st.st_gid != swap_st.st_gid
+ && fchown(curbuf->b_ml.ml_mfp->mf_fd, -1, st.st_gid)
+ == -1)
+ swap_mode &= 0600;
+ }
+
+ (void)mch_setperm(swap_fname, (long)swap_mode);
+ }
#endif
}
|