oss-sec mailing list archives
Re: Fw: Security risk of vim swap files
From: Jakub Wilk <jwilk () jwilk net>
Date: Tue, 7 Nov 2017 21:58:23 +0100
* Seth Arnold <seth.arnold () canonical com>, 2017-11-06, 15:09:
Is it not the kernel's responsibility to enforce umask(2) is properly applied?
Yes, most programs don't have to care about this.
Obviously there's good case to be made that manual chmod(2) calls could or should be modified by umask(2) values by hand, but probably all those chmod(2) calls ought to be re-written to set the modes correctly at file creation time (or mkdir, etc) to avoid race conditions.
vim creates the swapfile initially with mode 0600, and later chmods it. There's no race condition. -- Jakub Wilk
Current thread:
- Re: Re: Fw: Security risk of vim swap files, (continued)
- Re: Re: Fw: Security risk of vim swap files Jakub Wilk (Nov 03)
- Re: Re: Fw: Security risk of vim swap files Scott Court (Nov 03)
- Re: Re: Fw: Security risk of vim swap files Nick Bowler (Nov 03)
- Re: Fw: Security risk of vim swap files Christian Brabandt (Nov 03)
- Re: Fw: Security risk of vim swap files Christian Brabandt (Nov 03)
- Re: Fw: Security risk of vim swap files Christian Brabandt (Nov 05)
- Re: Fw: Security risk of vim swap files Solar Designer (Nov 05)
- Re: Fw: Security risk of vim swap files Scott Court (Nov 05)
- Re: Fw: Security risk of vim swap files Kurt Seifried (Nov 05)
- Re: Fw: Security risk of vim swap files Seth Arnold (Nov 06)
- Re: Fw: Security risk of vim swap files Jakub Wilk (Nov 07)
- Re: Re: Fw: Security risk of vim swap files Jakub Wilk (Nov 03)
- Re: Fw: Security risk of vim swap files Christian Brabandt (Nov 06)
- Re: Fw: Security risk of vim swap files Solar Designer (Nov 06)
- Re: Fw: Security risk of vim swap files Jakub Wilk (Nov 05)
- Re: Fw: Security risk of vim swap files Christian Brabandt (Nov 06)
- Re: Fw: Security risk of vim swap files Michael Orlitzky (Nov 06)