oss-sec mailing list archives
Re: nvi crash recovery (was Re: [oss-security] Re: Security risk of server side text editing in general and vim.tiny specifically)
From: Daniel Micay <danielmicay () gmail com>
Date: Fri, 03 Nov 2017 18:11:12 -0400
On Fri, 2017-11-03 at 21:26 +0100, Hanno Böck wrote:
On Fri, 3 Nov 2017 11:12:43 -0700 Ian Zimmerman <itz () very loosely org> wrote:How much of this (and the parallel thread of course) applies to nvi?This is actually interesting: nvi saves recovery files to /var/tmp/vi.recover and creates them with 600 permissions. So all the problems discussed don't really apply here. However the dir itself gets created by the first user using nvi. Not sure if that causes any other problems (permissions are rwx for all and sticky bit).
It's strange it's using /var/tmp instead of ~/.cache but at least it can
be protected with PAM's per-user isolated directory support rather than
relying on it being done securely.
In /etc/security/namespace.conf, for per-user isolated /tmp and /var/tmp:
/tmp /tmp-inst/ level
/var/tmp /var/tmp-inst/ level
In /etc/pam.d/system-auth:
session required pam_namespace.so
Likely also want to mount /tmp-inst as tmpfs (mode=000) if /tmp was
tmpfs rather than just using the root directory pam will create.
Current thread:
- Security risk of server side text editing in general and vim.tiny specifically Fiedler Roman (Nov 03)
- Re: Security risk of server side text editing in general and vim.tiny specifically Jakub Wilk (Nov 03)
- Re: Security risk of server side text editing in general and vim.tiny specifically Solar Designer (Nov 03)
- Re: Security risk of server side text editing in general and vim.tiny specifically Ian Zimmerman (Nov 03)
- nvi crash recovery (was Re: [oss-security] Re: Security risk of server side text editing in general and vim.tiny specifically) Hanno Böck (Nov 03)
- Re: nvi crash recovery Jakub Wilk (Nov 03)
- Re: nvi crash recovery Jakub Wilk (Nov 04)
- Re: nvi crash recovery (was Re: [oss-security] Re: Security risk of server side text editing in general and vim.tiny specifically) Daniel Micay (Nov 03)
- nvi crash recovery (was Re: [oss-security] Re: Security risk of server side text editing in general and vim.tiny specifically) Hanno Böck (Nov 03)
- Re: Re: Security risk of server side text editing in general and vim.tiny specifically Christos Zoulas (Nov 03)
- AW: Re: Security risk of server side text editing in general and vim.tiny specifically Fiedler Roman (Nov 06)
- Re: Security risk of server side text editing in general and vim.tiny specifically Solar Designer (Nov 13)
- AW: Security risk of server side text editing in general and vim.tiny specifically Fiedler Roman (Nov 13)
- <Possible follow-ups>
- Re: Security risk of server side text editing in general and vim.tiny specifically Fiedler Roman (Nov 03)
- Re: Security risk of server side text editing in general and vim.tiny specifically Fiedler Roman (Nov 03)
- Re: Security risk of server side text editing in general and vim.tiny specifically Solar Designer (Nov 03)
- Re: Security risk of server side text editing in general and vim.tiny specifically Solar Designer (Nov 03)
- Re: Security risk of server side text editing in general and vim.tiny specifically Leonid Isaev (Nov 05)
- Re: Security risk of server side text editing in general and vim.tiny specifically Solar Designer (Nov 03)