From 9c11f80339372b7aa2f43153d574f2b5abb79708 Mon Sep 17 00:00:00 2001 From: Li Zhou Date: Sun, 17 Dec 2017 23:09:35 -0800 Subject: [PATCH] vim: patch 8.0.1263: others can read the swap file if a user is careless Problem: Others can read the swap file if a user is careless with his primary group. Solution: If the group permission allows for reading but the world permissions doesn't, make sure the group is right. Upstream-Status: Backport CVE: CVE-2017-17087 Signed-off-by: Li Zhou --- src/fileio.c | 24 +++++++++++++++++++++++- src/version.c | 2 ++ 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/src/fileio.c b/src/fileio.c index f54fb8465..2c7740af9 100644 --- a/src/fileio.c +++ b/src/fileio.c @@ -716,7 +716,29 @@ readfile( /* Set swap file protection bits after creating it. */ if (swap_mode > 0 && curbuf->b_ml.ml_mfp != NULL && curbuf->b_ml.ml_mfp->mf_fname != NULL) - (void)mch_setperm(curbuf->b_ml.ml_mfp->mf_fname, (long)swap_mode); + { + char_u *swap_fname = curbuf->b_ml.ml_mfp->mf_fname; + + /* + * If the group-read bit is set but not the world-read bit, then + * the group must be equal to the group of the original file. If + * we can't make that happen then reset the group-read bit. This + * avoids making the swap file readable to more users when the + * primary group of the user is too permissive. + */ + if ((swap_mode & 044) == 040) + { + stat_T swap_st; + + if (mch_stat((char *)swap_fname, &swap_st) >= 0 + && st.st_gid != swap_st.st_gid + && fchown(curbuf->b_ml.ml_mfp->mf_fd, -1, st.st_gid) + == -1) + swap_mode &= 0600; + } + + (void)mch_setperm(swap_fname, (long)swap_mode); + } #endif } diff --git a/src/version.c b/src/version.c index a5cb078f0..5c0df475f 100644 --- a/src/version.c +++ b/src/version.c @@ -770,6 +770,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 1263, +/**/ 983, /**/ 982, -- 2.11.0