[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Fw: Security risk of vim swap files
From:       Steffen Nurpmeso <steffen () sdaoden ! eu>
Date:       2017-10-31 18:57:14
Message-ID: 20171031185714.Z6cNT%steffen () sdaoden ! eu
[Download RAW message or body]

Tim <tim-security@sentinelchicken.org> wrote:
 |On Tue, Oct 31, 2017 at 01:23:52PM +0100, Hanno Böck wrote:
 |> I just sent this to the vim dev list, but I guess it's interesting for
 |> oss-security, too.
 |> ...
 ...
 |Sure, you can argue that maybe some systems should ignore these files,
 |block access, etc, but it is pretty absurd to expect every other piece
 |of software in the universe to work around very unsafe defaults of text
 |editors.  
 |
 |Also, it almost never makes sense to put things in /tmp, for several
 |reasons pointed out by others.  Making ~/.vim/... the default location
 |clearly is the best solution.

I for one really dislike that for many years (i think .gconf and
all around that was the first time i recognized the problem) that
more and more programs think they can simply create a dot
directory in my $HOME.  Indeed i have started using umask 0077 due
to this.  I use "set dir=~/traffic" and "set backupdir=~/traffic"
and that has a mode of 0700.  My vim(s) has/ve never needed ~/.vim.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

[prev in list] [next in list] [prev in thread] [next in thread]