oss-sec mailing list archives
Re: Fw: Security risk of vim swap files
From: Z5T1 <z5t1 () z5t1 com>
Date: Wed, 1 Nov 2017 11:41:54 -0400
Hello All. I'd just like to add my two sense to this conversation. I have reproduced this on Centos 6 and Cucumber Linux 1.0. It appears that the umask plays no role in the permissions on swap files; Vim creates its swap files with the same permissions as the file being edited. This is still a problem though, as configuration files in /var/www are usually readable by the httpd user, so the Vim .swp will also be readable by the httpd user and consequentially anyone connecting to the webserver. Storing the swap files in /tmp is a bad idea for all the reasons previously discussed; /tmp gets wiped on reboot on most (but not all) Linux distributions and storing the swap files in a location that is readable by every user on the system has is own security problems. For instance, what if root goes to edit /etc/shadow and the swap file is placed in /tmp? I have found this problem can be mitigated by changing the swap directory with the 'set directory' directive as Hanno originally suggested. I have added the following lines to my '/etc/vimrc': " Move the swap file location to protect against CVE-2017-1000382 silent !install -d -m 700 ~/.vim/swap/ 2>&1 > /dev/null set directory=~/.vim/swap/ This safely sets the swap file directory to a directory that should not cause any security problems. For added security, the directory is created so that only the owner has access to it, regardless of how the system's umask is set. Additionally, the swap file collision (if you edit both ~/foo/file and ~/bar/file at the same time) is not a major issue; Vim detects this and gives the second swap file a different file extension. When you go to restore from the swap file, you get a prompt asking which swap file you want to use (if there are two swap files with the same basename), which doesn't strike me as being terribly problematic. I will be adding this to the default '/etc/vimrc' on Cucumber Linux in the next few hours. I thought it may be helpful for other distro maintainers to know as well. - Scott
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Re: Fw: Security risk of vim swap files, (continued)
- Re: Fw: Security risk of vim swap files Jakub Wilk (Nov 01)
- Re: Fw: Security risk of vim swap files Solar Designer (Nov 01)
- Re: Security risk of vim swap files Ian Zimmerman (Nov 06)
- Re: Security risk of vim swap files Solar Designer (Nov 06)
- Re: Security risk of vim swap files Jakub Wilk (Nov 06)
- Re: Fw: Security risk of vim swap files Jakub Wilk (Nov 01)
- Re: Fw: Security risk of vim swap files Leonid Isaev (Nov 01)
- Re: Fw: Security risk of vim swap files Jan Pokorný (Nov 01)
- Re: Re: Fw: Security risk of vim swap files Michael Orlitzky (Nov 01)
- Re: Re: Fw: Security risk of vim swap files Florent Rougon (Nov 01)
- Re: Re: Fw: Security risk of vim swap files Kurt Seifried (Nov 02)
- Re: Re: Fw: Security risk of vim swap files Jakub Wilk (Nov 03)
- Re: Re: Fw: Security risk of vim swap files Scott Court (Nov 03)
- Re: Re: Fw: Security risk of vim swap files Nick Bowler (Nov 03)
- Re: Fw: Security risk of vim swap files Christian Brabandt (Nov 03)
- Re: Fw: Security risk of vim swap files Christian Brabandt (Nov 03)
- Re: Fw: Security risk of vim swap files Christian Brabandt (Nov 05)