A.J.Mechelynck wrote:
> Micah Cowan wrote:
>> Bram Moolenaar wrote:
> [...]
>>> The solution is simple: Don't create a link in place of the .viminfo
>>> file. And certainly not to /dev/null.
>>>
>>> Background info: When Vim finds an existing .viminfo file, it writes the
>>> new info into a temp file (since it's still reading from the existing
>>> one it can't be overwritten). When finished the temp file is moved in
>>> place of the old .viminfo and owner and protection are set to match the
>>> original.
>>>
>>> Vim intentionally doesn't follow symlinks for .viminfo, because that can
>>> be used for a symlink attack, a security issue.
>>
>> How so? The user won't be able to attack files he doesn't have write
>> permission to, and other users wouldn't be running from his .viminfo,
>> AFAICT. And the user shouldn't have permission to replace other users'
>> .viminfo's with a symlink... so I'm missing something.
>>
> Maybe you're missing the fact that /dev/null is crw-rw-rw- i.e.
> world-readable and -writable?

No, I'm not missing that. Why should that make a difference? It is, after all, a special file; and only root would be able to replace it with something else.

Anyway, Bram was saying that it's a general security hole, not just for when /dev/null is the target.

-- 
Micah J. Cowan
Programmer, musician, typesetting enthusiast, gamer...
http://micah.cowan.name/
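
The write-to-temp-then-move behaviour described in the quoted background, as an added example that is not part of this thread and not Vim's source. `replace_nofollow`, `demo_symlink_replaced` and the scratch paths are hypothetical names; the demo shows why a link placed at the file's name ends up replaced by a regular file while the link target is left alone.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not Vim's code): write data to a temp file beside
 * path, then rename it over path. Nothing is opened through path itself,
 * so a symlink there is replaced, never followed. 0 on success, -1 on error. */
int replace_nofollow(const char *path, const char *data, size_t len)
{
    struct stat old;
    char tmp[4096];
    /* lstat inspects the link itself; copy the mode only from a regular file.
     * (Vim also restores the owner; that step is omitted here.) */
    mode_t mode = (lstat(path, &old) == 0 && S_ISREG(old.st_mode))
                      ? (old.st_mode & 0777) : 0600;
    if (snprintf(tmp, sizeof tmp, "%s.XXXXXX", path) >= (int)sizeof tmp)
        return -1;
    int fd = mkstemp(tmp);              /* created exclusively, mode 0600 */
    if (fd < 0) return -1;
    int ok = write(fd, data, len) == (ssize_t)len && fchmod(fd, mode) == 0;
    if (close(fd) != 0) ok = 0;
    if (!ok || rename(tmp, path) != 0) { /* rename acts on the name, link or not */
        unlink(tmp);
        return -1;
    }
    return 0;
}

/* Constructed scenario: "viminfo" is a symlink to "target" in a scratch dir.
 * Returns 1 if the link became a regular file and target is untouched. */
int demo_symlink_replaced(void)
{
    char dir[] = "/tmp/nofollow.XXXXXX", lnk[64], target[64];
    struct stat st, tst;
    if (!mkdtemp(dir)) return -1;
    snprintf(lnk, sizeof lnk, "%s/viminfo", dir);
    snprintf(target, sizeof target, "%s/target", dir);
    FILE *f = fopen(target, "w");
    if (!f || fputs("keep", f) < 0 || fclose(f) != 0 || symlink(target, lnk) != 0)
        return -1;
    if (replace_nofollow(lnk, "new history\n", 12) != 0)
        return -1;
    int ok = lstat(lnk, &st) == 0 && S_ISREG(st.st_mode)
          && stat(target, &tst) == 0 && tst.st_size == 4;
    unlink(lnk); unlink(target); rmdir(dir);
    return ok;
}
```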