oss-sec mailing list archives

Re: Fw: Security risk of vim swap files

From: Jakub Wilk <jwilk () jwilk net>
Date: Wed, 1 Nov 2017 19:02:22 +0100

* Jeffrey Walton <noloader () gmail com>, 2017-11-01, 11:31:

Code and scripts certainly need to check TMPDIR

Unfortunately, glibc's implementation of tmpfile(3), which is the mostfool-proof interface for dealing with temporary files that the C libraryoffers, doesn't honour TMPDIR. :(


BTW, there's a preloadable library that catches writes to /tmp:
https://github.com/paultag/tmperamental

--
Jakub Wilk

Current thread:

Re: Security risk of vim swap files, (continued)
- - Re: Security risk of vim swap files Matthias Luft (Nov 07)
- Re: Fw: Security risk of vim swap files Tim (Oct 31)
  - Re: Fw: Security risk of vim swap files Kurt H Maier (Oct 31)
    - Re: Fw: Security risk of vim swap files Tim (Oct 31)
  - Re: Fw: Security risk of vim swap files Steffen Nurpmeso (Oct 31)
  - Re: Fw: Security risk of vim swap files Leonid Isaev (Nov 01)
    - Re: Fw: Security risk of vim swap files Simon McVittie (Nov 01)
    - Re: Fw: Security risk of vim swap files Tim (Nov 01)
    - Re: Fw: Security risk of vim swap files Jeffrey Walton (Nov 01)
    - Re: Fw: Security risk of vim swap files Kurt Seifried (Nov 01)
    - Re: Fw: Security risk of vim swap files Jakub Wilk (Nov 01)
    - Re: Fw: Security risk of vim swap files Solar Designer (Nov 01)
    - Re: Security risk of vim swap files Ian Zimmerman (Nov 06)
    - Re: Security risk of vim swap files Solar Designer (Nov 06)
    - Re: Security risk of vim swap files Jakub Wilk (Nov 06)
    - Re: Fw: Security risk of vim swap files Jakub Wilk (Nov 01)
    - Re: Fw: Security risk of vim swap files Leonid Isaev (Nov 01)
- Re: Fw: Security risk of vim swap files Kurt Seifried (Oct 31)
  - Re: Fw: Security risk of vim swap files Jan Pokorný (Nov 01)
- Re: Fw: Security risk of vim swap files Matthias Weckbecker (Nov 21)
- Re: Fw: Security risk of vim swap files Z5T1 (Nov 01)

(Thread continues...)