-rw-r--r-- | contrib/vim/noplaintext.vim | 46 | ||||
-rw-r--r-- | contrib/vim/redact_pass.txt | 41 | ||||
-rw-r--r-- | contrib/vim/redact_pass.vim | 80 |
3 files changed, 121 insertions, 46 deletions
diff --git a/contrib/vim/noplaintext.vim b/contrib/vim/noplaintext.vim
deleted file mode 100644
index 9493194..0000000
--- a/contrib/vim/noplaintext.vim
+++ /dev/null
@@ -1,46 +0,0 @@
-"
-" Prevent various Vim features from keeping the contents of pass(1) password
-" files (or any other purely temporary files) in plaintext on the system.
-"
-" Either append this to the end of your .vimrc, or install it as a plugin with
-" a plugin manager like Tim Pope's Pathogen.
-"
-" Author: Tom Ryder <tom@sanctum.geek.nz>
-"
-
-" Don't backup files in temp directories or shm
-if exists('&backupskip')
-  set backupskip+=/tmp/*,$TMPDIR/*,$TMP/*,$TEMP/*,*/shm/*
-endif
-
-" Don't keep swap files in temp directories or shm
-if has('autocmd')
-  augroup swapskip
-    autocmd!
-    silent! autocmd BufNewFile,BufReadPre
-    \ /tmp/*,$TMPDIR/*,$TMP/*,$TEMP/*,*/shm/*
-    \ setlocal noswapfile
-  augroup END
-endif
-
-" Don't keep undo files in temp directories or shm
-if has('persistent_undo') && has('autocmd')
-  augroup undoskip
-    autocmd!
-    silent! autocmd BufWritePre
-    \ /tmp/*,$TMPDIR/*,$TMP/*,$TEMP/*,*/shm/*
-    \ setlocal noundofile
-  augroup END
-endif
-
-" Don't keep viminfo for files in temp directories or shm
-if has('viminfo')
-  if has('autocmd')
-    augroup viminfoskip
-      autocmd!
-      silent! autocmd BufNewFile,BufReadPre
-      \ /tmp/*,$TMPDIR/*,$TMP/*,$TEMP/*,*/shm/*
-      \ setlocal viminfo=
-    augroup END
-  endif
-endif
diff --git a/contrib/vim/redact_pass.txt b/contrib/vim/redact_pass.txt
new file mode 100644
index 0000000..86d8a25
--- /dev/null
+++ b/contrib/vim/redact_pass.txt
@@ -0,0 +1,41 @@
+*redact_pass.txt* For Vim version 6.0 Last change: 2018 June 10
+
+DESCRIPTION *redact_pass*
+
+This plugin switches off the 'viminfo', 'backup', 'writebackup', 'swapfile',
+and 'undofile' options globally when editing a password in `pass(1)`.
+
+This is to prevent anyone being able to extract passwords from your Vim cache
+files in the event of a compromise.
+
+You should test this after installed to ensure you see this message is printed
+whenever you `pass edit`:
+
+> Editing password file--disabled leaky options!
+
+REQUIREMENTS *redact_pass-requirements*
+
+This plugin is only available if 'compatible' is not set. It also requires the
+|+autocmd| feature.
+
+IMPLEMENTATION *redact_pass-implementation*
+
+The options are disabled globally rather than attempting to set them local to
+the buffer only, which was the flawed approach of previous versions. This is
+mostly because of the 'viminfo' option; it's global, and there's no meaningful
+way to exclude information from the sensitive buffer from appearing in it.
+
+Because the typical use case for editing a password file in Vim is that you
+load and change a single short document, and then quit, it's more sensible to
+just turn the relevant options off completely, and makes what the plugin is
+doing more reliable and straightforward to understand.
+
+AUTHOR *redact_pass-author*
+
+Written and maintained by Tom Ryder <tom@sanctum.geek.nz>.
+
+LICENSE *redact_pass-license*
+
+Licensed for distribution under the same terms as the pass(1) project.
+
+ vim:tw=78:ts=8:ft=help:norl:
diff --git a/contrib/vim/redact_pass.vim b/contrib/vim/redact_pass.vim
new file mode 100644
index 0000000..14919bb
--- /dev/null
+++ b/contrib/vim/redact_pass.vim
@@ -0,0 +1,80 @@
+"
+" redact_pass.vim: Switch off the 'viminfo', 'backup', 'writebackup',
+" 'swapfile', and 'undofile' globally when editing a password in pass(1).
+"
+" This is to prevent anyone being able to extract passwords from your Vim
+" cache files in the event of a compromise.
+"
+" Author: Tom Ryder <tom@sanctum.geek.nz>
+" License: Same as Vim itself
+"
+if exists('g:loaded_redact_pass') || &compatible
+ finish
+endif
+if !has('autocmd')
+ finish
+endif
+let g:loaded_redact_pass = 1
+
+" Pattern to match for the portion of the path after the temporary dir,
+" starting with the leading slash
+let s:pattern = '\m\C/pass\.[^/]\+/[^/]\+\.txt$'
+
+" Check whether the given dir name is not an empty string, whether the first
+" file in the argument list is within the named dir, and that the whole path
+" matches the above pattern immediately after that dir name
+function! s:PassPath(root)
+
+ " Check we actually got a value, i.e. this wasn't an empty environment
+ " variable
+ if !strlen(a:root)
+ return 0
+ endif
+
+ " Full resolved path to the root dir with no trailing slashes
+ let l:root = fnamemodify(a:root, ':p:h')
+
+ " Full resolved path to the first file in the arg list
+ let l:path = fnamemodify(argv(0), ':p')
+
+ " Check the string all match and at the expected points
+ return stridx(l:path, l:root) == 0
+ \ && strlen(l:root) == match(l:path, s:pattern)
+
+endfunction
+
+" Check whether we should set redacting options or not
+function! s:CheckArgsRedact()
+
+ " Short-circuit unless we're editing just one file and it looks like a path
+ " in one of the three expected directories; we're trying hard to make sure
+ " this really is a password file and we're not messing with the user's
+ " precious settings unnecessarily
+ if argc() != 1
+ \ || !s:PassPath('/dev/shm')
+ \ && !s:PassPath($TMPDIR)
+ \ && !s:PassPath('/tmp')
+ return
+ endif
+
+ " Disable all the leaky options globally
+ set nobackup
+ set nowritebackup
+ set noswapfile
+ set viminfo=
+ if has('persistent_undo')
+ set noundofile
+ endif
+
+ " Tell the user what we're doing so they know this worked, via a message and
+ " a global variable they can check
+ echomsg 'Editing password file--disabled leaky options!'
+ let g:redact_pass_redacted = 1
+
+endfunction
+
+" Auto function loads only when Vim starts up
+augroup redact_pass
+ autocmd!
+ autocmd VimEnter * call s:CheckArgsRedact()
+augroup END |
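Review bot: The `autocmd VimEnter * call s:CheckArgsRedact()` at the end of the hunk runs only after the file in argv(0) has already been read into its buffer, so as far as I can tell the swap file for the password buffer is created on disk before `set noswapfile` runs and is merely deleted by it afterwards — worth confirming, since the deleted noplaintext.vim hooked `BufNewFile,BufReadPre` precisely to avoid that window. If confirmed, registering the same check earlier as well, `autocmd BufReadPre * call s:CheckArgsRedact()`, would close it, as `argc()` and `argv(0)` are already set at that point (the duplicate `echomsg` could then be guarded on `g:redact_pass_redacted`). The two new files also disagree about licensing: this header says `" License: Same as Vim itself` while redact_pass.txt says the same terms as the pass(1) project, so one of the two should be corrected. Finally, `set viminfo=` is unconditional while `set noundofile` is guarded by `has('persistent_undo')`; the deleted file guarded the viminfo case with `has('viminfo')`, and doing the same here would keep the two guards consistent for builds without that feature.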