[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] Fw: Security risk of vim swap files
From: Steffen Nurpmeso <steffen () sdaoden ! eu>
Date: 2017-10-31 18:57:14
Message-ID: 20171031185714.Z6cNT%steffen () sdaoden ! eu
[Download RAW message or body]
Tim <tim-security@sentinelchicken.org> wrote:
|On Tue, Oct 31, 2017 at 01:23:52PM +0100, Hanno Böck wrote:
|> I just sent this to the vim dev list, but I guess it's interesting for
|> oss-security, too.
|> ...
...
|Sure, you can argue that maybe some systems should ignore these files,
|block access, etc, but it is pretty absurd to expect every other piece
|of software in the universe to work around very unsafe defaults of text
|editors.
|
|Also, it almost never makes sense to put things in /tmp, for several
|reasons pointed out by others. Making ~/.vim/... the default location
|clearly is the best solution.
I for one really dislike that for many years (i think .gconf and
all around that was the first time i recognized the problem) that
more and more programs think they can simply create a dot
directory in my $HOME. Indeed i have started using umask 0077 due
to this. I use "set dir=~/traffic" and "set backupdir=~/traffic"
and that has a mode of 0700. My vim(s) has/ve never needed ~/.vim.
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic