[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] Flames & security (Was: Sheflug Meeting / AccessSpace NIS)



* Alex Hudson (home [at] alexhudson.com) wrote:
> On Tue, Apr 03, 2001 at 06:03:49PM +0100, Will Newton wrote:
> > > mkstemp?? That's not the fix, and it's certainly not an exploit. Do you
> > > actually understand the advisory on SF?
> > 
> > Yeah, that was an ill-considered response, but I couldn't really be arsed
> > at the time.
> 
> Said like a true slashdotter!! :P
> 
> Hopefully you've learned your lesson - never admit to being a vim user, lest 
> people heckle you constantly :) (Are there any other vim users among us? Just
> curiosity of course... <gets out notebook>)
>

Yes :)

> And I won't mention the 'execute random code' in .vimrc exploit found in the 
> past few days... that would be mean and continuing an OT thread.. 
> 

Hrm, didnt know about that, care to point me at an URL? and vim 5.x or 
6.0 alpha (or both?)

> Just goes to show though - joe, 6 yrs old, vim, still in development, there's 
> nothing new (to exploit) under the sun....
>

The mistakes that lead to a lot of the problems are easy to make, and,
relatively easy to miss if you're doing something quickly, and perhaps
not paying enough attention.

I use vim, and various other things, that doesnt mean I think they're
infallible, just that I prefer using them over the alternatives.


I admit, that I dont concern myself much with the security of things
like text editors (see what I said in another post about things like
that being important in various situations, before flaming me :) ),
because, frankly, if someone other than me is in a position to use vim
on my box, I'm pretty much screwed anyway.

Of course, on a multi-user system, I would be far more concerned.

The basic premise is, everything has had security issues at some point,
and if they're fixed quickly, and dont happen too often, I'm not going
to stop using something (unless its really really stupid / nasty)

> Okay. I think I've stopped being mean :)
> 
> Cheers,
> 
> Alex.
> ---------------------------------------------------------------------
> Sheffield Linux User's Group - http://www.sheflug.co.uk
> To unsubscribe from this list send mail to
> - <sheflug-request [at] vuw.ac.nz> - with the word 
>  "unsubscribe" in the body of the message. 
> 
>   GNU the choice of a complete generation.
> 
> 
> 
-- 
|*-------------------=[ Richard Lowe ]=------------------*|
| richlowe [at] btinternet.com                   UIN: 74724348 |           
|*-------------------------------------------------------*|
| Europe has the Kilogram and the Meter.                  |
| America has the Pound and the Inch.                     |
| Childrens TV has the Elephant and the Double Decker Bus |
|*-------------------------------------------------------*|
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.