[packages/vim.git] / 6.2.445

To: vim-dev@vim.org
Subject: Patch 6.2.445
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
------------

Patch 6.2.445
Problem:    Copying vimtutor to /tmp/something is not secure, a symlink may
	    cause trouble.
Solution:   Create a directory and create the file in it.  Use "umask" to
	    create the directory with mode 700.  (Stefan Nordhausen)
Files:	    src/vimtutor


*** ../vim-6.2.444/src/vimtutor	Wed Mar 13 10:04:11 2002
--- src/vimtutor	Sun Apr  4 16:20:16 2004
***************
*** 10,22 ****
  xx=$1
  export xx
  
! # Use Vim to copy the tutor, it knows the value of $VIMRUNTIME
  tmp="${TMPDIR-/tmp}"
! TUTORCOPY=`mktemp $tmp/tutorXXXXXX || tempfile -p tutor || echo $tmp/tutor$$`
  export TUTORCOPY
  
  # remove the copy of the tutor on exit
! trap "rm -f $TUTORCOPY" 0 1 2 3 9 11 13 15
  
  # Vim could be called "vim" or "vi".  Also check for "vim6", for people who
  # have Vim 5.x installed as "vim" and Vim 6.0 as "vim6".
--- 10,43 ----
  xx=$1
  export xx
  
! # We need a temp file for the copy.  First try using a standard command.
  tmp="${TMPDIR-/tmp}"
! TUTORCOPY=`mktemp $tmp/tutorXXXXXX || tempfile -p tutor || echo none`
! 
! # If the standard commands failed then create a directory to put the copy in.
! # That is a secure way to make a temp file.
! if test "$TUTORCOPY" = none; then
! 	tmpdir=$tmp/vimtutor$$
! 	OLD_UMASK=`umask`
! 	umask 077
! 	getout=no
! 	mkdir $tmpdir || getout=yes
! 	umask $OLD_UMASK
! 	if test $getout = yes; then
! 		echo "Could not create directory for tutor copy, exiting."
! 		exit 1
! 	fi
! 	TUTORCOPY=$tmpdir/tutorcopy
! 	touch $TUTORCOPY
! 	TODELETE=$tmpdir
! else
! 	TODELETE=$TUTORCOPY
! fi
! 
  export TUTORCOPY
  
  # remove the copy of the tutor on exit
! trap "rm -rf $TODELETE" 0 1 2 3 9 11 13 15
  
  # Vim could be called "vim" or "vi".  Also check for "vim6", for people who
  # have Vim 5.x installed as "vim" and Vim 6.0 as "vim6".
***************
*** 32,37 ****
--- 53,59 ----
  	fi
  fi
  
+ # Use Vim to copy the tutor, it knows the value of $VIMRUNTIME
  # The script tutor.vim tells Vim which file to copy
  $VIM -u NONE -c 'so $VIMRUNTIME/tutor/tutor.vim'
  
*** ../vim-6.2.444/src/version.c	Sun Apr  4 15:39:18 2004
--- src/version.c	Sun Apr  4 16:18:21 2004
***************
*** 639,640 ****
--- 639,642 ----
  {   /* Add new patch number below this line */
+ /**/
+     445,
  /**/

-- 
hundred-and-one symptoms of being an internet addict:
266. You hear most of your jokes via e-mail instead of in person.

 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
///        Sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\              Project leader for A-A-P -- http://www.A-A-P.org        ///
 \\\  Buy at Amazon and help AIDS victims -- http://ICCF.nl/click1.html ///
Commit	Line	Data
14b40f53 AG	1	To: vim-dev@vim.org
	2	Subject: Patch 6.2.445
	3	Fcc: outbox
	4	From: Bram Moolenaar <Bram@moolenaar.net>
	5	Mime-Version: 1.0
	6	Content-Type: text/plain; charset=ISO-8859-1
	7	Content-Transfer-Encoding: 8bit
	8	------------
	9
	10	Patch 6.2.445
	11	Problem: Copying vimtutor to /tmp/something is not secure, a symlink may
	12	cause trouble.
	13	Solution: Create a directory and create the file in it. Use "umask" to
	14	create the directory with mode 700. (Stefan Nordhausen)
	15	Files: src/vimtutor
	16
	17
	18	*** ../vim-6.2.444/src/vimtutor Wed Mar 13 10:04:11 2002
	19	--- src/vimtutor Sun Apr 4 16:20:16 2004
	20	***************
	21	* 10,22 **
	22	xx=$1
	23	export xx
	24
	25	! # Use Vim to copy the tutor, it knows the value of $VIMRUNTIME
	26	tmp="${TMPDIR-/tmp}"
	27	! TUTORCOPY=`mktemp $tmp/tutorXXXXXX \|\| tempfile -p tutor \|\| echo $tmp/tutor$$`
	28	export TUTORCOPY
	29
	30	# remove the copy of the tutor on exit
	31	! trap "rm -f $TUTORCOPY" 0 1 2 3 9 11 13 15
	32
	33	# Vim could be called "vim" or "vi". Also check for "vim6", for people who
	34	# have Vim 5.x installed as "vim" and Vim 6.0 as "vim6".
	35	--- 10,43 ----
	36	xx=$1
	37	export xx
	38
	39	! # We need a temp file for the copy. First try using a standard command.
	40	tmp="${TMPDIR-/tmp}"
	41	! TUTORCOPY=`mktemp $tmp/tutorXXXXXX \|\| tempfile -p tutor \|\| echo none`
	42	!
	43	! # If the standard commands failed then create a directory to put the copy in.
	44	! # That is a secure way to make a temp file.
	45	! if test "$TUTORCOPY" = none; then
	46	! tmpdir=$tmp/vimtutor$$
	47	! OLD_UMASK=`umask`
	48	! umask 077
	49	! getout=no
	50	! mkdir $tmpdir \|\| getout=yes
	51	! umask $OLD_UMASK
	52	! if test $getout = yes; then
	53	! echo "Could not create directory for tutor copy, exiting."
	54	! exit 1
	55	! fi
	56	! TUTORCOPY=$tmpdir/tutorcopy
	57	! touch $TUTORCOPY
	58	! TODELETE=$tmpdir
	59	! else
	60	! TODELETE=$TUTORCOPY
	61	! fi
	62	!
	63	export TUTORCOPY
	64
65	# remove the copy of the tutor on exit
66	! trap "rm -rf $TODELETE" 0 1 2 3 9 11 13 15
67
68	# Vim could be called "vim" or "vi". Also check for "vim6", for people who
69	# have Vim 5.x installed as "vim" and Vim 6.0 as "vim6".
70	***************
71	* 32,37 **
72	--- 53,59 ----
73	fi
74	fi
75
76	+ # Use Vim to copy the tutor, it knows the value of $VIMRUNTIME
77	# The script tutor.vim tells Vim which file to copy
78	$VIM -u NONE -c 'so $VIMRUNTIME/tutor/tutor.vim'
79
80	*** ../vim-6.2.444/src/version.c Sun Apr 4 15:39:18 2004
81	--- src/version.c Sun Apr 4 16:18:21 2004
82	***************
83	* 639,640 **
84	--- 639,642 ----
85	{ /* Add new patch number below this line */
86	+ /**/
87	+ 445,
88	/**/
89
90	--
91	hundred-and-one symptoms of being an internet addict:
92	266. You hear most of your jokes via e-mail instead of in person.
93
94	/// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\
95	/// Sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
96	\\\ Project leader for A-A-P -- http://www.A-A-P.org ///
97	\\\ Buy at Amazon and help AIDS victims -- http://ICCF.nl/click1.html ///