FS#59314 - [vim-runtime] Wrong environment usage in archlinux.vim
Attached to Project:
Arch Linux
Opened by Ivan Gut (ivanarch) - Thursday, 12 July 2018, 23:16 GMT
Last edited by Levente Polyak (anthraxx) - Wednesday, 29 August 2018, 20:25 GMT
Details
Description:
The source file "archlinux.vim" in trunk contains a reference to the XDG_CACHE_HOME environment variable. This variable should be used only for the storage of non-essential data.
See: https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html

The cached data files may be deleted without any problem, but vim swap files should not be considered non-essential data, as they may be used for recovering data from vim or system crashes.

Instead use the variable XDG_DATA_HOME and the default directory ".local/share" as shown below:

------------------------ ORIGINAL ------------------------------
" Move the swap file location to protect against CVE-2017-1000382
if exists('$XDG_CACHE_HOME')
  let &g:directory=$XDG_CACHE_HOME
else
  let &g:directory=$HOME . '/.cache'
endif

------------------------ REPLACEMENT ------------------------------
" Move the swap file location to protect against CVE-2017-1000382
if exists('$XDG_DATA_HOME')
  let &g:directory=$XDG_DATA_HOME
else
  let &g:directory=$HOME . '/.cache'
endif

Additional info:
* package version(s) 8.1.0022
* config and/or log files: archlinux.vim

Steps to reproduce:
Not applicable.
Closed by Levente Polyak (anthraxx)
Wednesday, 29 August 2018, 20:25 GMT
Reason for closing: Won't fix
Additional comments about closing: it's expected to be non-persistent non-mission-critical data
------------------------ REPLACEMENT ------------------------------
" Move the swap file location to protect against CVE-2017-1000382
if exists('$XDG_DATA_HOME')
  let &g:directory=$XDG_DATA_HOME
else
  let &g:directory=$HOME . '/.local/share'
endif
FWIW I separately reimplemented XDG for vim, by putting viminfo, swap, and undo files in the cache. None of this is stuff I consider fundamentally data -- it's useful in the event of a crash, but it's all stuff I wouldn't lose sleep over if I lost -- mostly because most of it is many-times redundant.
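The swap-location choice debated in this task, as an added vimrc example; it is not code from archlinux.vim or from any commenter. The helper names s:XdgDir and s:SwapDir and the "vim/swap" subdirectory are assumptions. It goes beyond the snippets above by ignoring empty or relative XDG values (as the basedir spec requires) and by keeping swap files in a dedicated owner-only directory instead of directly in the XDG base.

```vim
" Added example (not from archlinux.vim). Place in a vimrc or sourced script.
" s:XdgDir, s:SwapDir and the 'vim/swap' subdirectory are hypothetical names.

" Resolve an XDG base directory. The basedir spec treats an unset or empty
" variable as 'use the default' and says relative paths must be ignored.
function! s:XdgDir(var, fallback) abort
  let l:val = eval('$' . a:var)
  return l:val =~# '^/' ? l:val : expand('~') . a:fallback
endfunction

" Create a swap directory only the owner can enter. Swap files hold copies
" of buffer contents, so the directory itself is what keeps them private.
function! s:SwapDir(base) abort
  let l:dir = a:base . '/vim/swap'
  if !isdirectory(l:dir)
    call mkdir(l:dir, 'p', 0700)
  endif
  " mkdir() does not touch a directory that already exists, so tighten
  " the mode explicitly if it is anything other than rwx------.
  if getfperm(l:dir) !=# 'rwx------'
    call setfperm(l:dir, 'rwx------')
  endif
  return l:dir
endfunction

" Position taken when closing the task: swap files are cache data.
let s:base = s:XdgDir('XDG_CACHE_HOME', '/.cache')
" Position taken by the reporter: swap files are user data.
" let s:base = s:XdgDir('XDG_DATA_HOME', '/.local/share')

" The trailing '//' makes Vim build each swap file name from the full path
" of the edited file, so same-named files in different directories do not
" collide inside the shared swap directory.
let &g:directory = s:SwapDir(s:base) . '//'
```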