Re: Fw: Security risk of vim swap files

[Solar Designer <solar () openwall com>]

On Sun, Nov 05, 2017 at 07:03:07PM -0700, Kurt Seifried wrote:
> Also you're all still ignoring umask =(. Please, when you create a new
> file, check the umask and subtract it to make sure you're abiding by the
> user's wishes.

Ignoring umask may be OK if the program sets the most restrictive
permissions it can work with, and I suppose in this case that's 0600.

On Mon, Nov 06, 2017 at 08:08:49AM +0100, Christian Brabandt wrote:
> On So, 05 Nov 2017, Jakub Wilk wrote:
> > Couldn't vim create swapfiles with mode 0600 and be done with it?
>
> Because then users of the group could not recover the file anymore,
> although they are able to read the original file.

That's the behavior I would expect.

On Mon, Nov 06, 2017 at 08:11:58AM +0100, Christian Brabandt wrote:
> On So, 05 Nov 2017, Solar Designer wrote:
> > Yes, let's also force 0600 for "undo and backup files", please.
>
> Backup files and undo files are not created by default, only when Vim is 
> configured to do so. Also the undofile does not leak any information, 
> because as soon as the original file has been slightly altered, the undo 
> information is discarded.

Thanks for the additional detail.  None of this feels like a reason not
to set all of those files to 0600.

Alexander