Re: Fw: Security risk of vim swap files

[Matthias Weckbecker <matthias () weckbecker name>]

Hi,

On Tue, Oct 31, 2017 at 01:23:52PM +0100, Hanno Boeck wrote:
> I just sent this to the vim dev list, but I guess it's interesting for
> oss-security, too.
> [...]
>
> I wanted to point out an issue here with vim swap files that make them
> a security problem.

this is not limited to swap files.

> On web servers this can be a severe security risk. One can e.g. scan
> for web hosts that have swap files of PHP configuration files and thus
> expose settings like database passwords. (e.g. wget
> http://example.com/.wp-config.php.swp )
>
> In a scan of the alexa top 1 million I found ~750 instances of such
> files. I tried to inform affected people as best as I could. I also
> discovered such scans in my own web server logs, so I assume black hats
> are already aware of this and it's actively exploitet.

One might want to consider adding e.g. .un~ files to the scanning too.
Unless 'undodir' is configured in ~/.vimrc, those files end up in the
same directory if 'undofile' is set.

Matthias