oss-sec mailing list archives
Re: Fw: Security risk of vim swap files
From: Tim <tim-security () sentinelchicken org>
Date: Tue, 31 Oct 2017 10:54:08 -0700
On Tue, Oct 31, 2017 at 01:23:52PM +0100, Hanno Böck wrote:
I just sent this to the vim dev list, but I guess it's interesting for oss-security, too. ...
Good thing to point out. Same goes for other editors that drop ~ and #...# files and the like. The default location shouldn't be an exposure. Sure, you can argue that maybe some systems should ignore these files, block access, etc, but it is pretty absurd to expect every other piece of software in the universe to work around very unsafe defaults of text editors. Also, it almost never makes sense to put things in /tmp, for several reasons pointed out by others. Making ~/.vim/... the default location clearly is the best solution. Cheers, tim
Current thread:
- Re: Fw: Security risk of vim swap files, (continued)
- Re: Fw: Security risk of vim swap files Stefan Bühler (Oct 31)
- Re: Fw: Security risk of vim swap files Solar Designer (Oct 31)
- Re: Fw: Security risk of vim swap files Stefan Bühler (Oct 31)
- Re: Fw: Security risk of vim swap files Apostolis Hardalias (Oct 31)
- Re: Fw: Security risk of vim swap files Jakub Wilk (Oct 31)
- Re: Fw: Security risk of vim swap files Solar Designer (Oct 31)
- Re: Fw: Security risk of vim swap files Adam Shannon (Oct 31)
- Re: Fw: Security risk of vim swap files Gordo Lowrey (Oct 31)
- Re: Fw: Security risk of vim swap files Solar Designer (Oct 31)
- Re: Fw: Security risk of vim swap files Jason Cooper (Oct 31)
- Re: Security risk of vim swap files Simon Waters (Surevine) (Oct 31)
- Re: Security risk of vim swap files Matthias Luft (Nov 07)
- Re: Fw: Security risk of vim swap files Tim (Oct 31)
- Re: Fw: Security risk of vim swap files Kurt H Maier (Oct 31)
- Re: Fw: Security risk of vim swap files Tim (Oct 31)
- Re: Fw: Security risk of vim swap files Steffen Nurpmeso (Oct 31)
- Re: Fw: Security risk of vim swap files Leonid Isaev (Nov 01)
- Re: Fw: Security risk of vim swap files Simon McVittie (Nov 01)
- Re: Fw: Security risk of vim swap files Tim (Nov 01)
- Re: Fw: Security risk of vim swap files Jeffrey Walton (Nov 01)
- Re: Fw: Security risk of vim swap files Kurt Seifried (Nov 01)
- Re: Fw: Security risk of vim swap files Jakub Wilk (Nov 01)
- Re: Fw: Security risk of vim swap files Solar Designer (Nov 01)
- Re: Fw: Security risk of vim swap files Kurt H Maier (Oct 31)