[email protected]
[Top] [All Lists]

Bug#290507: marked as forwarded (vim: does not close files when executin

Subject: Bug#290507: marked as forwarded vim: does not close files when executing shell
From: Debian Bug Tracking System
Date: Sat, 07 Oct 2006 02:38:02 -0700
Your message dated Sat, 7 Oct 2006 11:19:36 +0200
with message-id <[email protected]>
has caused the Debian Bug report #290507,
regarding vim: does not close files when executing shell
to be marked as having been forwarded to the upstream software
author(s) [email protected]

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Subject: vim does not close file upon :sh, security issue
From: Stefano Zacchiroli
Date: Sat, 7 Oct 2006 11:19:36 +0200
Hi Bram,

here comes another bug report from the Debian bug tracking system, with
a small security issue.

Quoting from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=290507:

>  Vim does not close temporary file (.file.swp) when executing shell, so
> program executed in shell can read and write from/to that file, even if
> It is not possible with normal command invocation. Not sure wheter it is
> really recurity problem though.
>  Example:
> # cd
> # vim file
> [edit file and enter :sh to run shell]
> # su user
> $ ls -l .file.swp
> ls: .file.swp: Permission denied
> $ ls -l /proc/self/fd
> ...
> lrwx------  1 user user 64 2005-01-14 15:55 11 -> /root/.file.swp
> ...
> $ echo -e '\nqwerty' >&11
> $ ^D
> # tail -1 .file.swp
> qwerty
> #

What's your opinion on this? Do you consider it a bug or not?


Stefano Zacchiroli -*- Computer Science PhD student @ Uny Bologna, Italy
[email protected]{cs.unibo.it,debian.org,bononia.it} -%- http://www.bononia.it/zack/
If there's any real truth it's that the entire multidimensional infinity
of the Universe is almost certainly being run by a bunch of maniacs. -!-

--- End Message ---
<Prev in Thread] Current Thread [Next in Thread>
  • Bug#290507: marked as forwarded (vim: does not close files when executing shell), Debian Bug Tracking System <=