m-chrzan.xyz
path: root/contrib/vim/redact_pass.txt
author: Tom Ryder <tom@sanctum.geek.nz> 2018-06-10 00:54:44 +1200
committer: Tom Ryder <tom@sanctum.geek.nz> 2018-06-10 01:01:17 +1200
commit: 5a257fe0030cbee3bd50422d592025fbed8e4bde (patch)
tree: 40b463639fd3b52af774ddf49714adcfc81239a9 /contrib/vim/redact_pass.txt
parent: dda2ecce34de808d22b4b0f388bd1cb640158a29 (diff)
Replace noplaintext.vim as redact_pass.vim plugin
Per debugging from Enno Nagel <enno.nagel+vim@gmail.com>, it's become apparent to me that to have any degree of confidence that none of these options have actually got any plaintext password data in them, we need to disable the options globally when a password file is edited. In particular, in the case of the 'viminfo' global option, it's not possible to disable it per path, and not terribly meaningful either; things like the last search pattern or the contents of registers, i.e. global state of the editor, are recorded. There's no sensible approach I can see except to actually switch the feature off entirely by blanking it.

I've therefore completely rewritten this, to make as thorough a check as possible that the Vim user is editing a pass(1) file by calling `pass edit`, and then to disable the "leaky" options globally, with an explicit warning so that the user can see it's been done.

This plugin is also available as Vim script #5707: <https://www.vim.org/scripts/script.php?script_id=5707>

Its homepage is here: <https://sanctum.geek.nz/cgit/vim-redact-pass.git/about/>
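The approach the commit message describes, as an added illustration that is not the plugin's own code: an autocmd that blanks the global 'viminfo' option and switches off the file-writing options before a password buffer is read, then prints the warning from the help text. The path patterns are an assumption about where `pass edit` places its temporary file; the real plugin performs a more thorough check than a filename match.

```vim
" Added example, not redact_pass.vim itself: disable the options that could
" persist plaintext when Vim opens a file that looks like a pass(1) temp file.
" Assumption: pass edit writes its temp file under /dev/shm or /tmp in a
" directory named pass.<random>, with a .txt suffix.
if &compatible || !has('autocmd')
  finish
endif

function! s:RedactPass() abort
  " 'viminfo' is global-only and cannot be excluded per buffer, so blank it
  " entirely; then stop backup, swap and undo files from being written.
  set viminfo=
  set nobackup nowritebackup noswapfile noundofile
  " Explicit warning so the user can confirm the plugin actually fired.
  echomsg 'Editing password file--disabled leaky options!'
endfunction

augroup redact_pass_example
  autocmd!
  " BufReadPre runs before the buffer is loaded, so the swap file is never
  " created for this buffer in the first place.
  autocmd BufReadPre,BufNewFile /dev/shm/pass.*/*.txt,/tmp/pass.*/*.txt
        \ call s:RedactPass()
augroup END
```

Because the options are changed globally, they stay off for the rest of the Vim session, which is acceptable for the usual edit-one-password-then-quit workflow the commit describes.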
Diffstat (limited to 'contrib/vim/redact_pass.txt')
-rw-r--r-- contrib/vim/redact_pass.txt | 41
1 files changed, 41 insertions, 0 deletions
diff --git a/contrib/vim/redact_pass.txt b/contrib/vim/redact_pass.txt
new file mode 100644
index 0000000..86d8a25
--- /dev/null
+++ b/contrib/vim/redact_pass.txt
@@ -0,0 +1,41 @@
+*redact_pass.txt* For Vim version 6.0 Last change: 2018 June 10
+
+DESCRIPTION *redact_pass*
+
+This plugin switches off the 'viminfo', 'backup', 'writebackup', 'swapfile',
+and 'undofile' options globally when editing a password in `pass(1)`.
+
+This is to prevent anyone being able to extract passwords from your Vim cache
+files in the event of a compromise.
+
+You should test this after installed to ensure you see this message is printed
+whenever you `pass edit`:
+
+> Editing password file--disabled leaky options!
+
+REQUIREMENTS *redact_pass-requirements*
+
+This plugin is only available if 'compatible' is not set. It also requires the
+|+autocmd| feature.
+
+IMPLEMENTATION *redact_pass-implementation*
+
+The options are disabled globally rather than attempting to set them local to
+the buffer only, which was the flawed approach of previous versions. This is
+mostly because of the 'viminfo' option; it's global, and there's no meaningful
+way to exclude information from the sensitive buffer from appearing in it.
+
+Because the typical use case for editing a password file in Vim is that you
+load and change a single short document, and then quit, it's more sensible to
+just turn the relevant options off completely, and makes what the plugin is
+doing more reliable and straightforward to understand.
+
+AUTHOR *redact_pass-author*
+
+Written and maintained by Tom Ryder <tom@sanctum.geek.nz>.
+
+LICENSE *redact_pass-license*
+
+Licensed for distribution under the same terms as the pass(1) project.
+
+ vim:tw=78:ts=8:ft=help:norl:
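Review bot: the DESCRIPTION section overstates what blanking the options achieves; switching off 'viminfo', 'swapfile' and 'undofile' stops Vim writing new data, but it does not remove a viminfo or undo file already on disk from earlier sessions, so a sentence saying the protection is not retroactive (and pointing at the warning message as the check that the plugin fired) would keep users from assuming existing cache files are clean. The header line claims "For Vim version 6.0" while the text relies on 'undofile', which only exists in newer Vim releases; state the real minimum version under REQUIREMENTS rather than the boilerplate one. Minor wording: "You should test this after installed to ensure you see this message is printed" reads better as "You should test this after installing it to ensure you see this message printed".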