oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: Fw: Security risk of vim swap files

From: Nick Bowler <nbowler () draconx ca>
Date: Fri, 3 Nov 2017 14:14:11 -0400
On 2017-11-03, Scott Court <z5t1 () z5t1 com> wrote:

I have refined the vimrc changes that I originally posted (with the help
of Christian) and have found appending the following to your vimrc be a
decent way to mitigate against all known forms of this attack until a
proper patch is released:

" Move the swap file location to protect against CVE-2017-1000382
" More information at
http://security.cucumberlinux.com/security/details.php?id=120
" A big thanks goes to Christian Brabandt (cb () 256bit org)
" for helping with this fix.
if ! isdirectory("~/.vim/swap/")
        silent !install -d -m 700 ~/.vim/swap/ 2>&1 > /dev/null
endif
set directory=~/.vim/swap//

The only drawback to this approach is that it eliminates the warning
when multiple users attempt to edit the same file at the same time;
however, this seems preferable to the alternative of being vulnerable.


This is not the "only drawback".  Among other things, such configuration
fails very badly when network mounts are involved.

 - If the swap directory is shared between multiple hosts (e.g., $HOME
   is NFS-mounted), then you will get false positives when editing files
   that happen to share a filename on different hosts.

 - If the file being edited is shared between multiple hosts, then you
   will get false negatives when trying to edit that file from different
   hosts.

Or a combination of the two scenarios.  In the default mode, network
mounts basically work as expected because the swapfile location is
shared the same way.

Cheers,
  Nick
Previous By Date Next
Previous By Thread Next

Current thread: