Comment 12 for bug 12030

Message-ID: <email address hidden>
Date: Sun, 9 Jan 2005 22:24:11 +0100
From: Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?= <email address hidden>
To: Bram Moolenaar <email address hidden>
Cc: <email address hidden>
Subject: Re: vim: Race conditions and symlink attacks in vim (tcltags and vimspell)

--h31gzZEtNLTqOjlF
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Jan 09, 2005 at 10:02:35PM +0100, Bram Moolenaar wrote:
>=20
> Javier -
>=20
> > Reviewing vim as part of the security audit the Audit team [1] is=20
> > conducting I've found what I believe are some race conditions and symli=
nk=20
> > attacks through temporary files in vim. They appear in two scripts whic=
h=20
> > are not installed in Debian in binary locations (they are installed und=
er
> > /usr/share/doc/vim/tools/) but are provided with execute permissions.
>=20
> Thanks for looking into this and providing patches.
>=20
> Did you contact the original authors, Darren Hiebert and Neil
> Schemenauer?

No, I didn't. I was not sure if they were still active. Do you want me to=
=20
forward this?

> I wonder if there isn't a shorter method. The handling of the temp file
> becomes more than half the script this way.

Actually, there is, you could remove the lines that try to use a temporary
file in a temporary directory (below the comments) and just abort with a=20
"Cannot create temporary file" message if tmp_tagfile (or OUTFILE) are=20
'none'.

Regards

Javier

--h31gzZEtNLTqOjlF
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB4aD7i4sehJTrj0oRAsBOAJ0Yq+XhvkJHMktJ2AeHx+m+23Z9GQCeJJ5+
GN96nagKmHLn6ZOPi1WuG4g=
=Clm9
-----END PGP SIGNATURE-----

--h31gzZEtNLTqOjlF--