On Sun, Jan 09, 2005 at 10:02:35PM +0100, Bram Moolenaar wrote:
>
> Javier -
>
> > Reviewing vim as part of the security audit the Audit team [1] is
> > conducting I've found what I believe are some race conditions and symlink
> > attacks through temporary files in vim. They appear in two scripts which
> > are not installed in Debian in binary locations (they are installed under
> > /usr/share/doc/vim/tools/) but are provided with execute permissions.
>
> Thanks for looking into this and providing patches.
>
> Did you contact the original authors, Darren Hiebert and Neil
> Schemenauer?
No, I didn't. I was not sure if they were still active. Do you want me to
forward this?
> I wonder if there isn't a shorter method. The handling of the temp file
> becomes more than half the script this way.
Actually, there is: you could remove the lines that try to use a temporary
file in a temporary directory (below the comments) and just abort with a
"Cannot create temporary file" message if tmp_tagfile (or OUTFILE) is
'none'.
Regards
Javier
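The shorter approach Javier describes above (ask mktemp(1) for a temporary file and abort if that fails, instead of falling back to a predictable name in /tmp), as an added example for this thread. This is not code from vim's tools/ scripts or from the posted patches; the function names (make_tmpfile, is_safe_tmpfile, run_example), the "tagfile" prefix and the sample line written to the file are assumptions chosen for illustration. It assumes a POSIX sh with a mktemp that accepts a template ending in XXXXXX.

```shell
#!/bin/sh
# Added example, not code from vim's tools/ directory.
# Shows the "abort instead of falling back" handling of temporary files
# discussed in the reply: a name that is never predictable, a file that
# is created O_EXCL with mode 0600 by mktemp(1), and a hard stop if that
# is not possible. A fixed fallback such as /tmp/NAME.$$ is exactly what
# a local attacker can pre-create as a symlink, so there is none here.

# make_tmpfile PREFIX
#   Prints the path of a freshly created temporary file, or prints nothing
#   and returns 1 if mktemp cannot create one (e.g. TMPDIR does not exist).
make_tmpfile() {
    prefix=${1:-tmp}
    # TMPDIR is honoured if set. mktemp creates the file itself, so an
    # existing file or symlink at the chosen name is never reused.
    tmp=$(mktemp "${TMPDIR:-/tmp}/${prefix}.XXXXXX" 2>/dev/null) || return 1
    printf '%s\n' "$tmp"
}

# is_safe_tmpfile PATH
#   Defensive check before writing: the path must be non-empty, must not
#   be a symlink, and must be a regular file.
is_safe_tmpfile() {
    path=$1
    [ -n "$path" ] || return 1
    [ ! -L "$path" ] || return 1   # symlink: someone planted it
    [ -f "$path" ] || return 1     # not a regular file
    return 0
}

# run_example
#   The shape a tools script would take: obtain the file or abort with the
#   message from the thread; clean the file up on exit or interrupt.
#   Returns 0 when the temporary file was created, verified and written.
run_example() {
    tmp_tagfile=$(make_tmpfile tagfile) || {
        echo "Cannot create temporary file" >&2
        return 1
    }
    # Remove the file however the script ends (normal exit, ^C, SIGTERM).
    trap 'rm -f "$tmp_tagfile"' EXIT HUP INT TERM
    is_safe_tmpfile "$tmp_tagfile" || return 1
    # Constructed sample content standing in for generated tag lines.
    printf '%s\n' 'example_tag	example.tcl	/^proc example_tag/' > "$tmp_tagfile"
    return 0
}

# Run the example when executed directly.
if [ "${0##*/}" != "sh" ] && [ "${0##*/}" != "bash" ]; then
    run_example && echo "temporary file handled safely: $tmp_tagfile"
fi
```

The point of the structure is that there is exactly one way to get a temporary file, and its failure path is a clean abort rather than a second, weaker attempt; that keeps the temp-file handling to a few lines, which was the objection to the longer patch.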