On Sun, May 08, 2005 at 09:07:44PM -0400, Adrian Irving-Beer wrote:
> Taken from the help docs for the 'secure' option:
>
>   [. . .] On Unix this option is only used if the ".vimrc" or
>   ".exrc" is not owned by you. This can be dangerous if the systems
>   allows users to do a "chown". You better set 'secure' at the end
>   of your ~/.vimrc then.
>
> The last sentence doesn't make any sense; no matter where or when you
> set it, it has no effect on the execution of one's own .vimrc or
> .exrc files.

It's not supposed to affect that. If a user can't trust that their own
.vimrc/.exrc files aren't being tampered with, then they have a larger
issue at hand.

> Unpacking a tarball, checking out files via CVS or any other SCM,
> etc., all create files owned only by the current user. These can
> contain .vimrc's or .exrc's with malicious instructions that will be
> executed without restriction.

These are all actions that the user has control of and they should know
whether a .vimrc or .exrc file is being placed on their system. The
problem this option is trying to prevent is when someone else is able to
create said files without the user's knowledge.

> The docs are misleading in this regard; I thought I was "secure" (so
> to speak) for years, and only just discovered I was an accident
> waiting to happen.

It's only an accident waiting to happen if the user isn't paying
attention to what files they're putting on their system and what the
contents of those files are, especially when they know they have an
option enabled in their editor that automatically sources those files.

> Wishlist item:
>
> There's currently no way to distinguish a 'benign' .vimrc (e.g.
> official project indent settings) from a 'hostile' .vimrc (shell
> and write commands). The 'secure' option would be ideal for this,
> if only it or a new sister option would enforce 'secure' rules on
> *all* .vimrc and .exrc files.
>
> (If the doc bug is fixed without a true self-included 'secure' mode,
> we can rename this report and reclassify it as a wishlist item, or I
> can just submit a new one.)

Note, I'm not disagreeing with the idea of an additional "super"-secure
option which would enforce these restrictions regardless of who owns the
.vimrc or .exrc.

As far as this bug is concerned, here's the summary of my thoughts:

a) 'exrc' has to be enabled for anything to be a problem and the help
   for that option warns about possible security issues.

b) Files owned by the current user will have been placed there by the
   current user and that user should know to investigate anything that
   may compromise their security, such as spurious .vimrc/.exrc files
   when they have 'exrc' enabled.

c) Files owned by other users may (most likely will?) have been placed
   on the system without the current user's knowledge. Even this isn't
   a problem unless the user has the 'exrc' option enabled. If they do
   have the 'exrc' option enabled, then they should know about the
   'secure' option since it's mentioned in the help for 'exrc'.

James
--
GPG Key: 1024D/61326D40 2003-09-02 James Vega <[EMAIL PROTECTED]>
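
An added example, not part of the original message and not Vim's own code: a Python audit for a freshly unpacked or checked-out tree that lists every directory-local .vimrc/.exrc, reports whether the ownership rule quoted above would apply 'secure' to it, and flags lines in the command classes the thread names (autocommands, shell, write). The function names, the regex (a heuristic, not Vim's parser) and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Heuristic only (assumption): this is not Vim's parser. It flags the command
# classes the thread names for 'secure': autocommands, shell and write commands.
RISKY = re.compile(r"^\s*:?\s*(au(tocmd)?\b|!|w(rite)?\b|.*\bsystem\s*\()")
RC_NAMES = {".vimrc", ".exrc"}


def audit_tree(root, uid=None):
    """Return one finding per directory-local rc file found under root."""
    uid = os.getuid() if uid is None else uid
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(RC_NAMES.intersection(files)):
            path = os.path.join(dirpath, name)
            owner = os.stat(path).st_uid
            with open(path, errors="replace") as fh:
                risky = [ln.rstrip("\n") for ln in fh if RISKY.match(ln)]
            findings.append({
                "path": os.path.relpath(path, root),
                # Per the quoted help text, 'secure' is only used on Unix
                # when the file is not owned by you.
                "restricted_by_default": owner != uid,
                "risky_lines": risky,
            })
    return sorted(findings, key=lambda f: f["path"])


def demo():
    """Build a constructed tree, as if unpacked from a tarball, and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "proj", "sub"))
        with open(os.path.join(root, "proj", ".vimrc"), "w") as fh:
            fh.write("set shiftwidth=4\nset expandtab\n")  # benign settings
        with open(os.path.join(root, "proj", "sub", ".exrc"), "w") as fh:
            fh.write("set ts=8\n:!echo constructed-sample\n"
                     "autocmd BufRead * echo 1\n")
        return audit_tree(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Both sample files are owned by the user who created them, so `restricted_by_default` is false for each, which is the situation the bug report describes.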