author | 2018-02-03 15:44:36 +0000 | |
---|---|---|
committer | 2018-02-03 15:44:36 +0000 | |
commit | ff55c761749539e0fd759db0a7f8a9c0efed8588 (patch) | |
tree | 29269a6c26b665ad824627188746da407812a15b | |
parent | Simple USBPcap parser for tcpdump(8). Raw dumps can be nicely analysed (diff) | |
The recover script should have the same sanity checks as recover.c.
Specifically, open files with O_NONBLOCK and enforce a mode of 0600.
-rw-r--r-- | usr.bin/vi/build/recover | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/usr.bin/vi/build/recover b/usr.bin/vi/build/recover
index 08655760157..963542eca25 100644
--- a/usr.bin/vi/build/recover
+++ b/usr.bin/vi/build/recover
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -w
 #
-# $OpenBSD: recover,v 1.11 2016/11/05 16:21:56 afresh1 Exp $
+# $OpenBSD: recover,v 1.12 2018/02/03 15:44:36 millert Exp $
 #
 # Script to (safely) recover nvi edit sessions.
 #
@@ -60,7 +60,7 @@ rewinddir(RECDIR);
 foreach $file (readdir(RECDIR)) {
 next unless $file =~ /^recover\./;
- if (!sysopen(RECFILE, $file, O_RDONLY|O_NOFOLLOW)) {
+ if (!sysopen(RECFILE, $file, O_RDONLY|O_NOFOLLOW|O_NONBLOCK)) {
 warn "$0: can't open $file: $!\n";
 next;
 }
@@ -68,12 +68,17 @@ foreach $file (readdir(RECDIR)) {
 #
 # Delete anything that is not a regular file as that is either
 # filesystem corruption from fsck or an exploit attempt.
+ # Real vi recovery files are created with mode 0600, ignore others.
 #
 if (!stat(RECFILE)) {
 warn "$0: can't stat $file: $!\n";
 close(RECFILE);
 next;
 }
+ if (((stat(_))[2] & 07777) != 0600) {
+ close(RECFILE);
+ next;
+ }
 $owner = (stat(_))[4];
 if (! -f _ || ! -s _) {
 unlink($file) unless -d _; |
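Review bot: The `O_NONBLOCK` flag added to the `sysopen` call in the second hunk has no comment explaining it, and the script's `use Fcntl` line is outside this hunk, so it is worth confirming that the constant is actually imported there. If the import list is explicit and the script does not enable strict, an unimported name would presumably be treated as a bareword string instead of a flag value. A one-line comment above the call such as `# O_NONBLOCK: open() must not hang on a non-regular file; such entries are rejected after stat below` would record the intent, which I am inferring from the commit message and the regular-file test that follows. The foreach loop that contains this call continues past the end of the hunk.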
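Review bot: The mode test added in the third hunk skips any entry whose mode is not 0600 without a message, and it runs before the `-f _` / `-s _` test. A non-regular or empty entry with another mode is therefore no longer unlinked, although the comment block above still says "Delete anything that is not a regular file". If leaving such entries in place is intended, a `warn "$0: $file has unexpected mode, skipping\n";` before `close(RECFILE);` would match the other failure paths and let an administrator notice a mis-created or planted file. Otherwise the mode test could move below the `-f _` block so the cleanup still happens first. The enclosing foreach loop starts and ends outside this hunk.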