Set 'noshelltemp' when executing gnupg

This is another step to prevent writing out sensitive information to disk.
Typically, when running an external command, Vim writes the command input (the
buffer in this case) to a file in a private temp directory.  When
'noshelltemp' is set and the system supports it, Vim uses pipes to the child
process to handle this instead.

Signed-off-by: James Vega <vega.james@gmail.com>
This commit is contained in:
James Vega 2011-05-24 01:21:19 -04:00
parent 11760e451a
commit 5739223478

View File

@ -247,6 +247,11 @@ function s:GPGInit()
" setup shell environment for unix and windows " setup shell environment for unix and windows
let s:shellredirsave = &shellredir let s:shellredirsave = &shellredir
let s:shellsave = &shell let s:shellsave = &shell
let s:shelltempsave = &shelltemp
" noshelltemp isn't currently supported on Windows, but it doesn't cause any
" errors and this future proofs us against requiring changes if Windows
" gains noshelltemp functionality
let s:shelltemp = 0
if (has("unix")) if (has("unix"))
" unix specific settings " unix specific settings
let s:shellredir = ">%s 2>&1" let s:shellredir = ">%s 2>&1"
@ -262,6 +267,7 @@ function s:GPGInit()
call s:GPGDebug(3, "shellredirsave: " . s:shellredirsave) call s:GPGDebug(3, "shellredirsave: " . s:shellredirsave)
call s:GPGDebug(3, "shellsave: " . s:shellsave) call s:GPGDebug(3, "shellsave: " . s:shellsave)
call s:GPGDebug(3, "shelltempsave: " . s:shelltempsave)
call s:GPGDebug(3, "shell: " . s:shell) call s:GPGDebug(3, "shell: " . s:shell)
call s:GPGDebug(3, "shellcmdflag: " . &shellcmdflag) call s:GPGDebug(3, "shellcmdflag: " . &shellcmdflag)
@ -333,9 +339,11 @@ function s:GPGDecrypt()
call s:GPGDebug(3, "command: " . commandline) call s:GPGDebug(3, "command: " . commandline)
let &shellredir = s:shellredir let &shellredir = s:shellredir
let &shell = s:shell let &shell = s:shell
let &shelltemp = s:shelltemp
let output = system(commandline) let output = system(commandline)
let &shellredir = s:shellredirsave let &shellredir = s:shellredirsave
let &shell = s:shellsave let &shell = s:shellsave
let &shelltemp = s:shelltempsave
call s:GPGDebug(3, "output: ". output) call s:GPGDebug(3, "output: ". output)
" check if the file is symmetric/asymmetric encrypted " check if the file is symmetric/asymmetric encrypted
@ -408,9 +416,11 @@ function s:GPGDecrypt()
call s:GPGDebug(1, "command: " . commandline) call s:GPGDebug(1, "command: " . commandline)
let &shellredir = s:shellredir let &shellredir = s:shellredir
let &shell = s:shell let &shell = s:shell
let &shelltemp = s:shelltemp
execute commandline execute commandline
let &shellredir = s:shellredirsave let &shellredir = s:shellredirsave
let &shell = s:shellsave let &shell = s:shellsave
let &shelltemp = s:shelltempsave
if (v:shell_error) " message could not be decrypted if (v:shell_error) " message could not be decrypted
echohl GPGError echohl GPGError
let blackhole = input("Message could not be decrypted! (Press ENTER)") let blackhole = input("Message could not be decrypted! (Press ENTER)")
@ -516,9 +526,11 @@ function s:GPGEncrypt()
call s:GPGDebug(1, "command: " . commandline) call s:GPGDebug(1, "command: " . commandline)
let &shellredir = s:shellredir let &shellredir = s:shellredir
let &shell = s:shell let &shell = s:shell
let &shelltemp = s:shelltemp
silent execute commandline silent execute commandline
let &shellredir = s:shellredirsave let &shellredir = s:shellredirsave
let &shell = s:shellsave let &shell = s:shellsave
let &shelltemp = s:shelltempsave
" restore encoding " restore encoding
if (s:GPGEncoding != "") if (s:GPGEncoding != "")