From f23c3c764350efa85c96c64bb76caae907717ce1 Mon Sep 17 00:00:00 2001
From: James Vega
Date: Tue, 24 May 2011 01:21:19 -0400
Subject: [PATCH] Set 'noshelltemp' when executing gnupg

This is another step to prevent writing out sensitive information to disk. Typically, when running an external command, Vim writes the command input (the buffer in this case) to a file in a private temp directory. When 'noshelltemp' is set and the system supports it, Vim uses pipes to the child process to handle this instead.

Signed-off-by: James Vega
---
 plugin/gnupg.vim | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/plugin/gnupg.vim b/plugin/gnupg.vim
index 4621ede..3d5b12c 100644
--- a/plugin/gnupg.vim
+++ b/plugin/gnupg.vim
@@ -247,6 +247,11 @@ function s:GPGInit()
 " setup shell environment for unix and windows
 let s:shellredirsave = &shellredir
 let s:shellsave = &shell
+ let s:shelltempsave = &shelltemp
+ " noshelltemp isn't currently supported on Windows, but it doesn't cause any
+ " errors and this future proofs us against requiring changes if Windows
+ " gains noshelltemp functionality
+ let s:shelltemp = 0
 if (has("unix")) " unix specific settings
 let s:shellredir = ">%s 2>&1"
@@ -262,6 +267,7 @@ function s:GPGInit()
 call s:GPGDebug(3, "shellredirsave: " . s:shellredirsave)
 call s:GPGDebug(3, "shellsave: " . s:shellsave)
+ call s:GPGDebug(3, "shelltempsave: " . s:shelltempsave)
 call s:GPGDebug(3, "shell: " . s:shell)
 call s:GPGDebug(3, "shellcmdflag: " . &shellcmdflag)
@@ -333,9 +339,11 @@ function s:GPGDecrypt()
 call s:GPGDebug(3, "command: " . commandline)
 let &shellredir = s:shellredir
 let &shell = s:shell
+ let &shelltemp = s:shelltemp
 let output = system(commandline)
 let &shellredir = s:shellredirsave
 let &shell = s:shellsave
+ let &shelltemp = s:shelltempsave
 call s:GPGDebug(3, "output: ". output)
 " check if the file is symmetric/asymmetric encrypted
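Review bot: In s:GPGInit, `let s:shelltemp = 0` is applied unconditionally, and the added comment itself says Windows ignores it, so on a build without pipe support Vim keeps writing the filter input to a temp file and the user is never told. Since the point of the change is to keep plaintext off disk, the plugin should record whether pipes are really available, for example `call s:GPGDebug(1, "filterpipe available: " . has("filterpipe"))` next to the other debug lines, or show a one-time warning when that is 0. The body of s:GPGInit continues outside this hunk, so an existing check elsewhere cannot be ruled out.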
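Review bot: The `let &shelltemp = s:shelltemp` added around `let output = system(commandline)` in s:GPGDecrypt (hunk at -333) probably does not do what the commit message describes, because Vim's documentation for system() states that the command output is redirected to a generated temp file through 'shellredir', whatever 'shelltemp' is set to. `commandline` is built outside the hunk, so what gpg prints here is not visible; the following comment suggests it is only used to tell symmetric from asymmetric encryption, which would make the temp file low risk. I would still document the limit at the call site, e.g. `" system() captures output via a temp file regardless of 'shelltemp'; this call must never emit plaintext`.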
@@ -408,9 +416,11 @@ function s:GPGDecrypt()
 call s:GPGDebug(1, "command: " . commandline)
 let &shellredir = s:shellredir
 let &shell = s:shell
+ let &shelltemp = s:shelltemp
 execute commandline
 let &shellredir = s:shellredirsave
 let &shell = s:shellsave
+ let &shelltemp = s:shelltempsave
 if (v:shell_error) " message could not be decrypted
 echohl GPGError
 let blackhole = input("Message could not be decrypted! (Press ENTER)")
@@ -516,9 +526,11 @@ function s:GPGEncrypt()
 call s:GPGDebug(1, "command: " . commandline)
 let &shellredir = s:shellredir
 let &shell = s:shell
+ let &shelltemp = s:shelltemp
 silent execute commandline
 let &shellredir = s:shellredirsave
 let &shell = s:shellsave
+ let &shelltemp = s:shelltempsave
 " restore encoding
 if (s:GPGEncoding != "")
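Review bot: The restore line `let &shelltemp = s:shelltempsave` after `execute commandline` in s:GPGDecrypt (hunk at -408) is not reached if the user interrupts the running gpg command, which leaves 'shell', 'shellredir' and now 'shelltemp' overridden for the rest of the session. The same override/restore shape is in the s:GPGDecrypt hunk at -333 and the s:GPGEncrypt hunk at -516. Putting the override and the command in a `try` block and the three restore lines under `finally`, closed by `endtry`, makes the restore unconditional. Both functions start and end outside the hunks, so I cannot tell whether they are defined with `abort`, which would make an ordinary command error skip the restore as well.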