FS#57640 - [vim-runtime] archlinux.vim shells out at loading for CVE-2017-1000382
Attached to Project:
Arch Linux
Opened by Andy Massimino (vimplication) - Monday, 26 February 2018, 01:58 GMT
Last edited by Levente Polyak (anthraxx) - Monday, 26 February 2018, 22:45 GMT
Opened by Andy Massimino (vimplication) - Monday, 26 February 2018, 01:58 GMT
Last edited by Levente Polyak (anthraxx) - Monday, 26 February 2018, 22:45 GMT
|
Details
Description:
The following was recently added, " Move the swap file location to protect against CVE-2017-1000382 silent !install -d -m 700 ~/.vim/swap/ 2>&1 > /dev/null set directory=~/.vim/swap/ However, this forces the controlling terminal's prompt to the bottom when vim exits, because ! produces output when the terminal is not yet properly set up by vim. It would be preferable to shell-out only if the directory doesn't exist and to use `system(` which does not cause the issue. E.g., if ! isdirectory("~/.vim/swap/") call system('install -d -m 700 ~/.vim/swap') endif set directory=~/.vim/swap// From: http://security.cucumberlinux.com/security/details.php?id=120 |
This task depends upon
Closed by Levente Polyak (anthraxx)
Monday, 26 February 2018, 22:45 GMT
Reason for closing: Fixed
Additional comments about closing: 8.0.1542-2
Monday, 26 February 2018, 22:45 GMT
Reason for closing: Fixed
Additional comments about closing: 8.0.1542-2
[1]: https://www.reddit.com/r/vim/comments/805zvt/exiting_vim_leaves_a_huge_gap_in_my_terminal/