Date: Tue, 31 Oct 2017 14:35:59 +0100 From: Jakub Wilk <jwilk@...lk.net> To: oss-security@...ts.openwall.com Subject: Re: Fw: Security risk of vim swap files There's another problem with vim swapfiles. If you edit a file directly in /tmp, vim will happily read a swapfile that were planted there by somebody else. Local users could exploit this for denial of service (or maybe worse if there are any swapfile parsing bugs...). Is that a bug in vim? Or is it a user error to edit file directly in /tmp? In the latter case, we should fix at least vipe(1) and vidir(1) from moreutils; and run-mailcap(1). -- Jakub Wilk
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.