oss-sec mailing list archives
Re: Fw: Security risk of vim swap files
From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 1 Nov 2017 11:31:57 -0400
On Wed, Nov 1, 2017 at 10:49 AM, Tim <tim-security () sentinelchicken org> wrote:
Also, it almost never makes sense to put things in /tmp, for several reasons pointed out by others. Making ~/.vim/... the default location clearly is the best solution.
And all those reasons make no sense. /tmp has a sticky bit precisely so that people could put stuff there, as opposed to /run.
We've been spending decades fixing filesystem races that arise from cases where people use temporary files in world-writable directories. You have to get a half dozen things exactly correct in order to use /tmp. Why take the risk? Doesn't every normal (human) user account have a home directory that is already protected?
Some installs don't allow users to write to /tmp. For example, some machines on GCC's compile farm do not allow it. I seem to recall the error was a RO mount. Also see https://gcc.gnu.org/wiki/CompileFarm. Code and scripts certainly need to check TMPDIR and then have a fallback strategy if it is missing.
Jeff
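The TMPDIR check with a fallback that the message above calls for, as an added example that is not part of the original message or of any project discussed in the thread. The function names, the `scratch-example` directory under `$HOME/.cache`, and the candidate order (TMPDIR, then a private home directory, then /tmp) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: create a scratch file without assuming /tmp is writable.
# All names below are hypothetical and chosen for this illustration.

# try_dir DIR: create a scratch file in DIR and print its path.
# Returns non-zero if DIR is empty, missing, read-only or otherwise unusable.
try_dir() {
    [ -n "$1" ] && [ -d "$1" ] || return 1
    # mktemp picks an unpredictable name and creates the file exclusively
    # with mode 0600, so a file or symlink planted at that name by another
    # user makes creation fail instead of being followed or reused.
    # Attempting the creation is also the only reliable writability test:
    # it fails on a read-only mount no matter what the mode bits say.
    mktemp "$1/scratch.XXXXXXXXXX" 2>/dev/null
}

# make_scratch_file: print the path of a new private scratch file, or fail.
make_scratch_file() {
    # 1. Honour TMPDIR when it is set and actually usable.
    try_dir "${TMPDIR:-}" && return 0

    # 2. Fall back to a directory only this user can enter (mode 0700),
    #    which avoids the races of a world-writable directory altogether.
    if [ -n "${HOME:-}" ]; then
        private="$HOME/.cache/scratch-example"   # hypothetical location
        (umask 077 && mkdir -p "$private") 2>/dev/null || true
        try_dir "$private" && return 0
    fi

    # 3. Last resort: the shared, sticky /tmp, relying on mktemp's
    #    exclusive creation for safety.
    try_dir /tmp && return 0

    echo "no writable temporary directory found" >&2
    return 1
}
```

Call it as `f=$(make_scratch_file) || exit 1` and remove `"$f"` when done, for instance from a `trap` on EXIT.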