Bug 127361 - vim breaks SELinux contexts for symlinks
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: vim
Version: 2
Hardware: i686
OS: Linux
Priority: medium
Severity: medium
Assignee: Karsten Hopp
QA Contact: David Lawrence
Reported: 2004-07-07 04:18 UTC by Tom London
Modified: 2007-11-30 22:10 UTC (History)
Last Closed: 2004-07-12 10:50:22 UTC

Description Tom London 2004-07-07 04:18:18 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510

Description of problem:
The patch added to have vim maintain SELinux contexts does not work if
the file being edited is a symlink.

In that case, a backup file is created and the context of the backup
is given to the final file (not the context of the original file).

For example, suppose you have a file 'file1' with context
'system_u:object_r:initrc_exec_t'. If you edit the file,
it remains with that context.

Suppose you have a symbolic link 'symlink1' to that file with
context 'system_u:object_r:etc_t'. If you edit the symlink (file),
'file1' now has a different context, something like
'root:object_r:etc_t' (the type depends on the path, not on the
context of the symlink).

Version-Release number of selected component (if applicable):
vim-enhanced-6.2.457-1 (and vim-enhanced-6.3.011-2)

How reproducible:
Always

Steps to Reproduce:
1. create a symlink to a file.
2. modify file via 'vim file' and 'vim symlink'
3. ls -lZ file after both.
    

Additional info:

Comment 1 Tom London 2004-07-07 17:26:47 UTC
OK. I've dug a bit deeper. I think the calls to mch_copy_sec() have
the args reversed in the code segment executed when 'backup_copy' is TRUE.

Here is a patch that makes it work with both real files and symlinks.
[I only (lightly) tested those two cases.]

tom
--------------------------------------------------
*** fileio.c    2004-07-07 10:22:46.514931406 -0700
--- SAVE/fileio.c       2004-07-07 10:15:42.922396738 -0700
***************
*** 3331,3337 ****
                            mch_setperm(backup,
                                          (perm & 0707) | ((perm & 07)
<< 3));
  #ifdef HAVE_SELINUX
!                       mch_copy_sec(fname, backup);
  #endif
  #endif
   
--- 3331,3337 ----
                            mch_setperm(backup,
                                          (perm & 0707) | ((perm & 07)
<< 3));
  #ifdef HAVE_SELINUX
!                       mch_copy_sec(backup, fname);
  #endif
  #endif
   
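Review bot: The direction of this diff is unclear at the changed mch_copy_sec() line: the header puts fileio.c (timestamp 10:22) in the old position and SAVE/fileio.c (timestamp 10:15) in the new position, so the more recently modified file is shown as the one being replaced. If SAVE/fileio.c is the untouched copy, the patch is reversed and would have to be applied with patch -R; regenerating it with the original file first would make it unambiguous which argument order is the fix. The context line split between "(perm & 07)" and "<< 3));" has also been wrapped in transit and will not match the source, so the patch is better supplied as an attachment.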
***************
*** 3370,3376 ****
                        mch_set_acl(backup, acl);
  #endif
  #ifdef HAVE_SELINUX
!                       mch_copy_sec(fname, backup);
  #endif
                        break;
                    }
--- 3370,3376 ----
                        mch_set_acl(backup, acl);
  #endif
  #ifdef HAVE_SELINUX
!                       mch_copy_sec(backup, fname);
  #endif
                        break;
                    }
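Review bot: Nothing at this second mch_copy_sec() call, directly after mch_set_acl(backup, acl), says which argument is the source of the security context and which is the destination, which is how the two could end up swapped in both hunks without being noticed. A one-line comment at each call site stating the intended direction of the copy would document that. This call also sits in a separate branch that ends in break, so it is worth confirming that the light testing of the real-file and symlink cases actually reaches it and not only the call in the first hunk.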


Comment 2 Karsten Hopp 2004-07-12 10:50:22 UTC
vim 6.3.011-4 and newer will have this fix, thanks for tracking down
the bug!

