Bug#290507: vim does not close file upon :sh

Bram Moolenaar Bram at Moolenaar.net
Wed Jul 29 08:19:32 UTC 2009


James -

On Sat, Oct 07, 2006 at 03:32:45PM +0200, Bram Moolenaar wrote:

ugh, cough, that's a dusty email!

> > > here comes another bug report from the Debian bug tracking system, with
> > > a small security issue.
> > > 
> > > Quoting from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=290507:
> > > 
> > > >  Vim does not close temporary file (.file.swp) when executing shell, so
> > > > program executed in shell can read and write from/to that file, even if
> > > > It is not possible with normal command invocation. Not sure whether it is
> > > > really a security problem though.
> > > > 
> > > >  Example:
> > > > 
> > > > # cd
> > > > # vim file
> > > > [edit file and enter :sh to run shell]
> > > > # su user
> > > > $ ls -l .file.swp
> > > > ls: .file.swp: Permission denied
> > > > $ ls -l /proc/self/fd
> > > > ...
> > > > lrwx------  1 user user 64 2005-01-14 15:55 11 -> /root/.file.swp
> > > > ...
> > > > $ echo -e '\nqwerty' >&11
> > > > $ ^D
> > > > # tail -1 .file.swp
> > > > qwerty
> > > > #
> > > 
> > > What's your opinion on this? Do you consider it a bug or not?
> > 
> > It's very normal for a program to keep files open when executing a shell
> > command.  I don't see why Vim should close files before executing a
> > shell command.
> > 
> > If there is a security issue it's that Linux allows writing directly
> > into a file descriptor from another process.  In my opinion only a
> > process itself should be able to do that.
> > 
> > Hmm, perhaps the problem is that system() or execvp() doesn't close the
> > file descriptors in a child process?
> 
> Indeed, that is the case.  Children inherit their parent's file
> descriptors unless the file descriptors are set to close on exec().
> Attached patch does that.

I don't think the FD_CLOEXEC flag is always available.  I'm not sure
when it was added.  Adding an autoconf check for it will help to avoid
breaking the build on old systems.

This page mentions that one should get the flags first:
http://www.cs.ui.ac.id/WebKuliah/IKI10100/resources/contest/OnlineJudge/gnudoc/libc/Descriptor_Flags.html


-- 
Nobody will ever need more than 640 kB RAM.
		-- Bill Gates, 1983
Windows 98 requires 16 MB RAM.
		-- Bill Gates, 1999
Logical conclusion: Nobody will ever need Windows 98.

 /// Bram Moolenaar -- Bram at Moolenaar.net -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\        download, build and distribute -- http://www.A-A-P.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
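The mechanism under discussion, as an added stand-alone example (not Vim's code and not the Debian patch): a parent opens a scratch file standing in for .file.swp, then fork()s and exec()s /bin/sh, which tries the bug report's `>&N` trick against the descriptor number the parent holds. Without FD_CLOEXEC the shell's bytes land in the file; after the F_GETFD / F_SETFD read-modify-write that the libc manual page above describes, the descriptor is closed across exec() and the write fails. It assumes a POSIX system with /bin/sh and a writable /tmp; the function and file names are made up for the demonstration.

```c
/* Added example: an open fd leaks into a fork()+exec()'d /bin/sh unless
 * it carries FD_CLOEXEC. Not Vim's code or the Debian patch; assumes a
 * POSIX system with /bin/sh and a writable /tmp. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Set FD_CLOEXEC without disturbing other descriptor flags: F_GETFD,
 * OR in the bit, F_SETFD. Returns 0 on success, -1 on error. */
int set_cloexec(int fd)
{
#ifdef FD_CLOEXEC
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;
    if (flags & FD_CLOEXEC)
        return 0;                       /* already close-on-exec */
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
#else
    (void)fd;                           /* old system without the flag */
    errno = ENOSYS;
    return -1;
#endif
}

/* Spawn /bin/sh running "printf 'qwerty' >&N" (the bug report's trick,
 * N being our descriptor number), then rewind and read the file back.
 * Returns 1 if the child's bytes reached the file (fd was inherited),
 * 0 if not, -1 on error. */
int child_can_write_through(int fd)
{
    static const char marker[] = "qwerty";
    char cmd[80];
    char buf[sizeof marker];
    pid_t pid;
    int status;
    ssize_t n;

    /* Silence stderr first so a "Bad file descriptor" from the failed
     * redirection does not clutter the output. */
    snprintf(cmd, sizeof cmd, "exec 2>/dev/null; printf '%s' >&%d", marker, fd);

    pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);                     /* exec failed: writes nothing */
    }
    if (waitpid(pid, &status, 0) == -1)
        return -1;

    /* The open file description, offset included, is shared with the
     * child, so seek back to the start before reading. */
    if (lseek(fd, 0, SEEK_SET) == -1)
        return -1;
    n = read(fd, buf, sizeof buf - 1);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return strcmp(buf, marker) == 0;
}

/* Create a private scratch file (constructed stand-in for .file.swp),
 * optionally mark it close-on-exec, and run the leak probe. */
int swapfile_leaks_to_shell(int use_cloexec)
{
    char path[] = "/tmp/.file.swp.XXXXXX";
    int fd = mkstemp(path);
    int r;

    if (fd == -1)
        return -1;
    unlink(path);                       /* anonymous from here; fd stays valid */
    if (use_cloexec && set_cloexec(fd) == -1) {
        close(fd);
        return -1;
    }
    r = child_can_write_through(fd);
    close(fd);
    return r;
}

int main(void)
{
    printf("without FD_CLOEXEC, child wrote into the file: %d\n",
           swapfile_leaks_to_shell(0));
    printf("with FD_CLOEXEC, child wrote into the file: %d\n",
           swapfile_leaks_to_shell(1));
    return 0;
}
```

Two caveats a practitioner would want alongside the fcntl() route: FD_CLOEXEC only takes effect at exec(), so a child that merely fork()s still shares the descriptor; and in a threaded program there is a window between open() and the fcntl() call during which another thread's fork()+exec() inherits the fd, which is why POSIX.1-2008 added the O_CLOEXEC flag to open(2) so the bit is set atomically at creation.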

More information about the pkg-vim-maintainers mailing list