oss-sec mailing list archives
Re: Re: Fw: Security risk of vim swap files
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 2 Nov 2017 19:08:57 -0600
On Thu, Nov 2, 2017 at 3:29 PM, Christian Brabandt <cb () 256bit org> wrote:
Kurt Seifried wrote:There is a flaw here, it appears on some distros that vim (and emacs)willignore a user's umask and go with less restrictive file permissions (ideally you think vi would use the files existing perms, plus any umask limitations as expected), for example vim failing: [kseifrie@...alhost vi]$ umask 0007 [kseifrie@...alhost vi]$ touch foo [kseifrie@...alhost vi]$ ls -la total 8 drwxrwxr-x. 2 kseifrie kseifrie 4096 Oct 31 10:50 . drwx--x---. 27 kseifrie kseifrie 4096 Oct 31 10:42 .. -rw-rw----. 1 kseifrie kseifrie 0 Oct 31 10:50 foo [kseifrie@...alhost vi]$ chmod o+r foo [kseifrie@...alhost vi]$ ls -la total 8 drwxrwxr-x. 2 kseifrie kseifrie 4096 Oct 31 10:50 . drwx--x---. 27 kseifrie kseifrie 4096 Oct 31 10:42 .. -rw-rw-r--. 1 kseifrie kseifrie 0 Oct 31 10:50 foo [kseifrie@...alhost vi]$ vi foo in another terminal: [kseifrie@...alhost vi]$ ls -la total 12 drwxrwxr-x. 2 kseifrie kseifrie 4096 Oct 31 10:50 . drwx--x---. 27 kseifrie kseifrie 4096 Oct 31 10:42 .. -rw-rw-r--. 1 kseifrie kseifrie 0 Oct 31 10:50 foo -rw-r--r--. 1 kseifrie kseifrie 4096 Oct 31 10:50 .foo.swp So vim ignores the umask of the user =(.So from a CVE perspective we have a situation where a user has explicitly set a umask (of say 0007) which is to say they've made a securityassertionof "any file I create I want the rwx permissions for "other" removed"whichvim and emacs (and possibly others) are violating when they create swap files/backups/whatever. To add insult to injury most other utilities that create a file (e.g. cp, cat, dd) seem to respect umask. Please use CVE-2017-1000382 for VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file (\"[ORIGINAL_FILENAME].swp\") resulting in files that may be worldreadableor otherwise accessible in ways not intended by the user running the vi binary.Vim copies the permission from the file being edited. Although the swap file is readable by others this does not leak any information here, since the file being edited is already readable by others. Christian
That's usually true but it doesn't matter because a security assertion made via umask is being violated, so it wins a CVE. Also for example if you later delete that file and think you're safe the copy is still floating around world readable. Or you have something indexing the files and ignoring that file type, and the .swp gets indexed, and so on. -- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 Red Hat Product Security contact: secalert () redhat com
Current thread:
- Re: Security risk of vim swap files, (continued)
- Re: Security risk of vim swap files Jakub Wilk (Nov 06)
- Re: Fw: Security risk of vim swap files Jakub Wilk (Nov 01)
- Re: Fw: Security risk of vim swap files Leonid Isaev (Nov 01)
- Re: Fw: Security risk of vim swap files Kurt Seifried (Oct 31)
- Re: Fw: Security risk of vim swap files Jan Pokorný (Nov 01)
- Re: Fw: Security risk of vim swap files Matthias Weckbecker (Nov 21)
- Re: Fw: Security risk of vim swap files Z5T1 (Nov 01)
- Re: Re: Fw: Security risk of vim swap files Michael Orlitzky (Nov 01)
- Re: Re: Fw: Security risk of vim swap files Florent Rougon (Nov 01)
- Re: Re: Fw: Security risk of vim swap files Michael Orlitzky (Nov 01)
- Re: Fw: Security risk of vim swap files Christian Brabandt (Nov 02)
- Re: Re: Fw: Security risk of vim swap files Kurt Seifried (Nov 02)
- Re: Re: Fw: Security risk of vim swap files Jakub Wilk (Nov 03)
- Re: Re: Fw: Security risk of vim swap files Scott Court (Nov 03)
- Re: Re: Fw: Security risk of vim swap files Nick Bowler (Nov 03)
- Re: Fw: Security risk of vim swap files Christian Brabandt (Nov 03)
- Re: Fw: Security risk of vim swap files Christian Brabandt (Nov 03)
- Re: Fw: Security risk of vim swap files Christian Brabandt (Nov 05)
- Re: Fw: Security risk of vim swap files Solar Designer (Nov 05)
- Re: Fw: Security risk of vim swap files Scott Court (Nov 05)
- Re: Fw: Security risk of vim swap files Kurt Seifried (Nov 05)
- Re: Fw: Security risk of vim swap files Seth Arnold (Nov 06)