Bug#693462: vim-tiny: vim.tiny tampers with acls and permissions edited file
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Nov 16 18:22:15 UTC 2012
Package: vim-tiny
Version: 2:7.3.547-5
Severity: normal
The act of editing a file with vim.tiny appears to wipe out any ACL
set on the file, and potentially to modify the group or other
permissions:
0 dkg at pip:~$ getfacl test.txt
# file: test.txt
# owner: dkg
# group: dkg
user::rw-
user:wt215:r--
group::---
mask::r--
other::---
0 dkg at pip:~$ vim.tiny test.txt ### make a small edit, then :wq
0 dkg at pip:~$ getfacl test.txt
# file: test.txt
# owner: dkg
# group: dkg
user::rw-
group::r--
other::---
0 dkg at pip:~$
This leads to an information disclosure vulnerability. It's also
pretty annoying for a user who has tried to use ACLs to grant
permissions to a file and had them stripped away silently.
fwiw, emacs seems to do the same thing (see
http://bugs.debian.org/693461).
--dkg
-- Package-specific info:
--- real paths of main Vim binaries ---
/usr/bin/vi is /usr/bin/vim.tiny
/usr/bin/vim is /usr/bin/vim.tiny
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Foreign Architectures: powerpc
Kernel: Linux 3.2.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages vim-tiny depends on:
ii libc6 2.13-35
ii libselinux1 2.1.9-5
ii libtinfo5 5.9-10
ii vim-common 2:7.3.547-5
vim-tiny recommends no packages.
Versions of packages vim-tiny suggests:
pn indent <none>
-- no debconf information
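One way an editor produces the symptom above is by writing the new contents to a fresh file and renaming it over the original, so the ACL stays behind on the old inode; this added Python example (not vim's code) reproduces that behaviour on plain mode bits and then shows two ways a writer can keep the metadata. It assumes a Linux host, where POSIX ACLs are stored in the system.posix_acl_access xattr, and the ACL copy is best-effort.

```python
import os
import pathlib
import stat
import tempfile

# Linux xattr names under which POSIX ACLs are stored (assumption: Linux host).
ACL_XATTRS = ("system.posix_acl_access", "system.posix_acl_default")

def save_via_rename(path, data):
    """Write a fresh temp file, then rename it over the original: the new inode
    has its own mode (mkstemp uses 0o600) and no ACL, so the old ACL vanishes."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    os.rename(tmp, path)

def save_in_place(path, data):
    """Truncate and rewrite the existing inode: mode, owner and ACL untouched.
    Trade-off: a crash mid-write leaves a truncated file."""
    with open(path, "r+b") as f:
        f.truncate(0)
        f.write(data)

def save_via_rename_preserving(path, data):
    """Rename approach, but copy mode bits and ACL xattrs onto the temp file
    first (ownership would additionally need chown, omitted here)."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        os.chmod(tmp, stat.S_IMODE(os.stat(path).st_mode))
        for name in (ACL_XATTRS if hasattr(os, "getxattr") else ()):
            try:
                os.setxattr(tmp, name, os.getxattr(path, name))
            except OSError:
                pass  # no ACL on the source, or filesystem without ACL support
        os.rename(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise

def edit_and_inspect(save, mode=0o640):
    """Constructed check: edit a file of mode `mode` via `save`; return (mode bits, contents)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "test.txt")
        pathlib.Path(path).write_bytes(b"original\n")
        os.chmod(path, mode)
        save(path, b"edited\n")
        return stat.S_IMODE(os.stat(path).st_mode), pathlib.Path(path).read_bytes()
```

Run `edit_and_inspect` with each saver to see which one changes the mode; the same comparison with `getfacl` before and after is the check to run against a real editor.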