On Sun, Jan 09, 2005 at 10:02:35PM +0100, Bram Moolenaar wrote:
>=20
> Javier -
>=20
> > Reviewing vim as part of the security audit the Audit team [1] is=20
> > conducting I've found what I believe are some race conditions and symli=
nk=20
> > attacks through temporary files in vim. They appear in two scripts whic=
h=20
> > are not installed in Debian in binary locations (they are installed und=
er
> > /usr/share/doc/vim/tools/) but are provided with execute permissions.
>=20
> Thanks for looking into this and providing patches.
>=20
> Did you contact the original authors, Darren Hiebert and Neil
> Schemenauer?
No, I didn't. I was not sure if they were still active. Do you want me to=
=20
forward this?
> I wonder if there isn't a shorter method. The handling of the temp file
> becomes more than half the script this way.
Actually, there is, you could remove the lines that try to use a temporary
file in a temporary directory (below the comments) and just abort with a=20
"Cannot create temporary file" message if tmp_tagfile (or OUTFILE) are=20
'none'.
Regards
Javier
--h31gzZEtNLTqOjlF
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
Message-ID: <email address hidden> 1?Q?Fern= E1ndez- Sanguino_ Pe=F1a? = <email address hidden>
Date: Sun, 9 Jan 2005 22:24:11 +0100
From: Javier =?iso-8859-
To: Bram Moolenaar <email address hidden>
Cc: <email address hidden>
Subject: Re: vim: Race conditions and symlink attacks in vim (tcltags and vimspell)
--h31gzZEtNLTqOjlF Disposition: inline Transfer- Encoding: quoted-printable
Content-Type: text/plain; charset=us-ascii
Content-
Content-
On Sun, Jan 09, 2005 at 10:02:35PM +0100, Bram Moolenaar wrote: doc/vim/ tools/) but are provided with execute permissions.
>=20
> Javier -
>=20
> > Reviewing vim as part of the security audit the Audit team [1] is=20
> > conducting I've found what I believe are some race conditions and symli=
nk=20
> > attacks through temporary files in vim. They appear in two scripts whic=
h=20
> > are not installed in Debian in binary locations (they are installed und=
er
> > /usr/share/
>=20
> Thanks for looking into this and providing patches.
>=20
> Did you contact the original authors, Darren Hiebert and Neil
> Schemenauer?
No, I didn't. I was not sure if they were still active. Do you want me to=
=20
forward this?
> I wonder if there isn't a shorter method. The handling of the temp file
> becomes more than half the script this way.
Actually, there is, you could remove the lines that try to use a temporary
file in a temporary directory (below the comments) and just abort with a=20
"Cannot create temporary file" message if tmp_tagfile (or OUTFILE) are=20
'none'.
Regards
Javier
--h31gzZEtNLTqOjlF pgp-signature; name="signature .asc" Description: Digital signature Disposition: inline
Content-Type: application/
Content-
Content-
-----BEGIN PGP SIGNATURE-----
ehJTrj0oRAsBOAJ 0Yq+XhvkJHMktJ2 AeHx+m+ 23Z9GQCeJJ5+ Pi1WuG4g=
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFB4aD7i4s
GN96nagKmHLn6ZO
=Clm9
-----END PGP SIGNATURE-----
--h31gzZEtNLTqO jlF--