FS#65576 - [vim-runtime] vim creates .cache with root permissions if non-existing (sudo -E)

Attached to Project: Arch Linux
Opened by Alad Wenter (Alad) - Thursday, 20 February 2020, 19:15 GMT
Last edited by Levente Polyak (anthraxx) - Thursday, 27 February 2020, 12:00 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Levente Polyak (anthraxx)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:


Additional info:
* package version(s)
vim 8.2.0148-1
* config and/or log files etc.
N/A
* link to upstream bug report, if any
N/A

Steps to reproduce:
1. Edit a file with "sudo -E vim" on a user account without $HOME/.cache
2. Run ls -l $HOME
3. Notice "drwx------ 3 root root 4.0K Feb 20 17:57 .cache"

This is due to sudo -E preserving the HOME environment variable, and the following lines in /usr/share/vim/vimfiles/archlinux.vim:

" Move temporary files to a secure location to protect against CVE-2017-1000382
if exists('$XDG_CACHE_HOME')
  let &g:directory=$XDG_CACHE_HOME
else
  let &g:directory=$HOME . '/.cache'
endif
let &g:undodir=&g:directory . '/vim/undo//'
let &g:backupdir=&g:directory . '/vim/backup//'
let &g:directory.='/vim/swap//'
" Create directories if they doesn't exist
if ! isdirectory(expand(&g:directory))
  silent! call mkdir(expand(&g:directory), 'p', 0700)
endif
if ! isdirectory(expand(&g:backupdir))
  silent! call mkdir(expand(&g:backupdir), 'p', 0700)
endif
if ! isdirectory(expand(&g:undodir))
  silent! call mkdir(expand(&g:undodir), 'p', 0700)
endif

in particular the mkdir calls, which are run as root but with a non-root $HOME.

A possible workaround is to use "install -o $USER" if $USER is defined, instead of mkdir.

Closed by  Levente Polyak (anthraxx)
Thursday, 27 February 2020, 12:00 GMT
Reason for closing:  Won't implement
Additional comments about closing: won't implement for now, vim itself behaves the same for .viminfo etc.
therefore not much gain in trying to work around somehow, alternative approaches seem more resistant to such problems
Comment by Alad Wenter (Alad) - Thursday, 20 February 2020, 19:17 GMT
Regarding the last line in the report: checking $USER would not work, due to it not being set with sudo -E.
Comment by Levente Polyak (anthraxx) - Thursday, 20 February 2020, 19:21 GMT
Why exactly would you want to run vim via -E? Where is the use case?
Comment by Alad Wenter (Alad) - Thursday, 20 February 2020, 19:25 GMT
It's one approach to preserve the user vim configuration when editing system files. Clearly sudo -e/sudoedit is better, but that doesn't mean using another approach should result in a non-accessible ~/.cache.
Comment by Levente Polyak (anthraxx) - Thursday, 20 February 2020, 19:35 GMT
Sure, but I find it important to understand the use cases and user stories before thinking about solutions, no matter what.

btw, not running vim as root is another option :P

cmap w!! w !sudo tee % >/dev/null
Comment by Levente Polyak (anthraxx) - Thursday, 20 February 2020, 20:25 GMT
Unfortunately that usage example will lead everywhere to problems, like ~/.vim/.netrwhist or even core vim's own ~/.viminfo will suffer the same problem. I believe it therefore wouldn't help much to somehow try to fix this for our own script, as .viminfo will still lead to this very problem.
I guess it should be documented on the vim wiki and better options should be considered for this use case
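
Added example, not part of the original report and not code from the Arch Linux package: a shell version of the ownership-aware directory creation proposed in the report, taking the owner from the home directory itself instead of $USER, plus a check that lists entries in a home directory not owned by its owner (the root-owned ~/.cache and ~/.viminfo case). All function names are hypothetical, and GNU stat and install are assumed.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes GNU stat/install.

# Numeric uid / gid that own PATH.
owner_uid() { stat -c '%u' -- "$1"; }
owner_gid() { stat -c '%g' -- "$1"; }

# True when the effective uid (arg 2, default: current) is root but HOME
# belongs to another user: the "sudo -E vim" situation from the report.
home_is_foreign() {
    [ "${2:-$(id -u)}" -eq 0 ] && [ "$(owner_uid "$1")" -ne 0 ]
}

# Create HOME/RELPATH with mode 0700, one component at a time, because
# "install -d" gives missing parents default attributes. Existing
# components are left alone so their owner and mode are never changed.
make_private_dir() {
    home=$1 rel=$2 path=$1
    old_ifs=$IFS; IFS=/
    set -f; set -- $rel; set +f
    IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue
        path=$path/$part
        [ -d "$path" ] && continue
        if home_is_foreign "$home"; then
            install -d -m 0700 -o "$(owner_uid "$home")" \
                -g "$(owner_gid "$home")" -- "$path"
        else
            install -d -m 0700 -- "$path"
        fi
    done
}

# List entries under HOME that are not owned by HOME's owner, e.g. a
# root-owned .cache or .viminfo left behind by an earlier session.
foreign_owned() {
    find "$1" -xdev ! -user "$(owner_uid "$1")" -print
}

# Demo on a constructed stand-in for $HOME.
demo_home=$(mktemp -d)
make_private_dir "$demo_home" .cache/vim/swap
ls -ld "$demo_home/.cache/vim/swap"
foreign_owned "$demo_home"
rm -rf -- "$demo_home"
```

Running foreign_owned "$HOME" as the affected user shows which entries need their ownership restored before vim can write to them again.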
