oss-sec mailing list archives
Re: Fw: Security risk of vim swap files
From: Jakub Wilk <jwilk () jwilk net>
Date: Tue, 31 Oct 2017 14:35:59 +0100
There's another problem with vim swapfiles.If you edit a file directly in /tmp, vim will happily read a swapfile that were planted there by somebody else. Local users could exploit this for denial of service (or maybe worse if there are any swapfile parsing bugs...).
Is that a bug in vim? Or is it a user error to edit file directly in /tmp?
In the latter case, we should fix at least vipe(1) and vidir(1) from moreutils; and run-mailcap(1).
-- Jakub Wilk
Current thread:
- Fw: Security risk of vim swap files Hanno Böck (Oct 31)
- Re: Fw: Security risk of vim swap files Solar Designer (Oct 31)
- Re: Fw: Security risk of vim swap files Stefan Bühler (Oct 31)
- Re: Fw: Security risk of vim swap files Solar Designer (Oct 31)
- Re: Fw: Security risk of vim swap files Stefan Bühler (Oct 31)
- Re: Fw: Security risk of vim swap files Apostolis Hardalias (Oct 31)
- Re: Fw: Security risk of vim swap files Jakub Wilk (Oct 31)
- Re: Fw: Security risk of vim swap files Solar Designer (Oct 31)
- Re: Fw: Security risk of vim swap files Adam Shannon (Oct 31)
- Re: Fw: Security risk of vim swap files Gordo Lowrey (Oct 31)
- Re: Fw: Security risk of vim swap files Solar Designer (Oct 31)
- Re: Fw: Security risk of vim swap files Jason Cooper (Oct 31)
- Re: Security risk of vim swap files Simon Waters (Surevine) (Oct 31)
- Re: Security risk of vim swap files Matthias Luft (Nov 07)
- Re: Fw: Security risk of vim swap files Tim (Oct 31)
- Re: Fw: Security risk of vim swap files Kurt H Maier (Oct 31)
- Re: Fw: Security risk of vim swap files Tim (Oct 31)
- Re: Fw: Security risk of vim swap files Steffen Nurpmeso (Oct 31)
- Re: Fw: Security risk of vim swap files Kurt H Maier (Oct 31)
(Thread continues...)
- Re: Fw: Security risk of vim swap files Solar Designer (Oct 31)