FS#59314 - [vim-runtime] Wrong environment usage in archlinux.vim

Attached to Project: Arch Linux
Opened by Ivan Gut (ivanarch) - Thursday, 12 July 2018, 23:16 GMT
Last edited by Levente Polyak (anthraxx) - Wednesday, 29 August 2018, 20:25 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Levente Polyak (anthraxx)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
The source file "archlinux.vim" in trunk contains a reference to the XDG_CACHE_HOME environment variable.
This variable should be used only for the storage of non-essential data. See: https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html
The cached data files may be deleted without any problem, but vim swap files should not be considered non-essential data, as they may be used for recovering data from vim or system crashes.

Instead use the variable XDG_DATA_HOME and the default directory ".local/share" as shown below:

------------------------ ORIGINAL ------------------------------
" Move the swap file location to protect against CVE-2017-1000382
if exists('$XDG_CACHE_HOME')
let &g:directory=$XDG_CACHE_HOME
else
let &g:directory=$HOME . '/.cache'
endif

------------------------ REPLACEMENT ------------------------------
" Move the swap file location to protect against CVE-2017-1000382
if exists('$XDG_DATA_HOME')
let &g:directory=$XDG_DATA_HOME
else
let &g:directory=$HOME . '/.cache'
endif


Additional info:
* package version(s) 8.1.0022
* config and/or log files: archlinux.vim


Steps to reproduce:
Not applicable.
This task depends upon

Closed by  Levente Polyak (anthraxx)
Wednesday, 29 August 2018, 20:25 GMT
Reason for closing:  Won't fix
Additional comments about closing:  its expected to be non-persistent non-mission-critical data
Comment by Ivan Gut (ivanarch) - Thursday, 12 July 2018, 23:21 GMT
Errata in replacement lines:

------------------------ REPLACEMENT ------------------------------
" Move the swap file location to protect against CVE-2017-1000382
if exists('$XDG_DATA_HOME')
let &g:directory=$XDG_DATA_HOME
else
let &g:directory=$HOME . '/.local/share'
endif
Comment by Eli Schwartz (eschwartz) - Friday, 13 July 2018, 01:29 GMT
I think the motivation for using the cache directory was that if you need to recover from a system crash you will do so immediately, whereas the cache is something you in the general course of things don't mind deleting.

FWIW I separately reimplemented XDG for vim, by putting viminfo, swap, and undo files in the cache. None of this is stuff I consider fundamentally data -- it's useful in the event of a crash, but it's all stuff I wouldn't lose sleep over if I lost -- mostly because most of it is many-times redundant.
Comment by Levente Polyak (anthraxx) - Monday, 13 August 2018, 14:17 GMT
exactly. i dont consider it persistent data that must be preserved. its fluent data used as swap, undo or backup that you can use in case of crash, hang or whatever to restore the state/data. its not a persistent storage with non-fluent data. will most likely close this as "won't fix"

Loading...