Package: vim Version: 1:6.3-054+1 Severity: normal Tags: security Vim does not close temporary file (.file.swp) when executing shell, so program executed in shell can read and write from/to that file, even if It is not possible with normal command invocation. Not sure wheter it is really recurity problem though.
Example: # cd # vim file [edit file and enter :sh to run shell] # su user $ ls -l .file.swp ls: .file.swp: Permission denied $ ls -l /proc/self/fd ... lrwx------ 1 user user 64 2005-01-14 15:55 11 -> /root/.file.swp ... $ echo -e '\nqwerty' >&11 $ ^D # tail -1 .file.swp qwerty # -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.10 Locale: LANG=uk_UA.KOI8-U, LC_CTYPE=uk_UA.KOI8-U (charmap=KOI8-U) Versions of packages vim depends on: ii dpkg 1.10.26 Package maintenance system for Deb ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libgpmg1 1.19.6-19 General Purpose Mouse - shared lib ii libncurses5 5.4-4 Shared libraries for terminal hand ii vim-common 1:6.3-054+1 Vi IMproved - Common files -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
