oss-sec mailing list archives
Re: Fw: Security risk of vim swap files
From: Steffen Nurpmeso <steffen () sdaoden eu>
Date: Tue, 31 Oct 2017 19:57:14 +0100
Tim <tim-security () sentinelchicken org> wrote: |On Tue, Oct 31, 2017 at 01:23:52PM +0100, Hanno Böck wrote: |> I just sent this to the vim dev list, but I guess it's interesting for |> oss-security, too. |> ... ... |Sure, you can argue that maybe some systems should ignore these files, |block access, etc, but it is pretty absurd to expect every other piece |of software in the universe to work around very unsafe defaults of text |editors. | |Also, it almost never makes sense to put things in /tmp, for several |reasons pointed out by others. Making ~/.vim/... the default location |clearly is the best solution. I for one really dislike that for many years (i think .gconf and all around that was the first time i recognized the problem) that more and more programs think they can simply create a dot directory in my $HOME. Indeed i have started using umask 0077 due to this. I use "set dir=~/traffic" and "set backupdir=~/traffic" and that has a mode of 0700. My vim(s) has/ve never needed ~/.vim. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)
Current thread:
- Re: Fw: Security risk of vim swap files, (continued)
- Re: Fw: Security risk of vim swap files Jakub Wilk (Oct 31)
- Re: Fw: Security risk of vim swap files Solar Designer (Oct 31)
- Re: Fw: Security risk of vim swap files Adam Shannon (Oct 31)
- Re: Fw: Security risk of vim swap files Gordo Lowrey (Oct 31)
- Re: Fw: Security risk of vim swap files Solar Designer (Oct 31)
- Re: Fw: Security risk of vim swap files Jason Cooper (Oct 31)
- Re: Security risk of vim swap files Simon Waters (Surevine) (Oct 31)
- Re: Security risk of vim swap files Matthias Luft (Nov 07)
- Re: Fw: Security risk of vim swap files Tim (Oct 31)
- Re: Fw: Security risk of vim swap files Kurt H Maier (Oct 31)
- Re: Fw: Security risk of vim swap files Tim (Oct 31)
- Re: Fw: Security risk of vim swap files Steffen Nurpmeso (Oct 31)
- Re: Fw: Security risk of vim swap files Leonid Isaev (Nov 01)
- Re: Fw: Security risk of vim swap files Simon McVittie (Nov 01)
- Re: Fw: Security risk of vim swap files Tim (Nov 01)
- Re: Fw: Security risk of vim swap files Jeffrey Walton (Nov 01)
- Re: Fw: Security risk of vim swap files Kurt Seifried (Nov 01)
- Re: Fw: Security risk of vim swap files Jakub Wilk (Nov 01)
- Re: Fw: Security risk of vim swap files Solar Designer (Nov 01)
- Re: Security risk of vim swap files Ian Zimmerman (Nov 06)
- Re: Security risk of vim swap files Solar Designer (Nov 06)
- Re: Security risk of vim swap files Jakub Wilk (Nov 06)
- Re: Fw: Security risk of vim swap files Kurt H Maier (Oct 31)
- Re: Fw: Security risk of vim swap files Jakub Wilk (Oct 31)