Hi Tony, Sorry - busy - if I get a free moment, I might have a try. I did save the files concerned.
If it helps any - I managed to recover my file by transferring the file + .swp to an older server, which worked fine. version 6.3.81 is on the oldie. Kind Regards, Chris Drake Sunday, November 4, 2007, 1:34:01 AM, you wrote: TM> Chris Drake wrote: >> Hi, >> >> It's possible to craft a malformed .swp file that causes vim to crash >> in a way that completely locks up a terminal. >> >> Here's what was on my screen when it occurred: >> >> >> E325: ATTENTION >> Found a swap file by the name ".Accounting.pm.swp" >> owned by: root dated: Sat Nov 3 04:36:39 2007 >> file name: /usr/local/bin/Accounting.pm >> modified: no >> user name: root host name: *** >> process ID: 5936 >> While opening file "Accounting.pm" >> dated: Sat Nov 3 03:57:44 2007 >> >> (1) Another program may be editing the same file. >> If this is the case, be careful not to end up with two >> different instances of the same file when making changes. >> Quit, or continue with caution. >> >> (2) An edit session for this file crashed. >> If this is the case, use ":recover" or "vim -r Accounting.pm" >> to recover the changes (see ":help recovery"). >> If you did this already, delete the swap file ".Accounting.pm.swp" >> to avoid this message. >> >> Swap file ".Accounting.pm.swp" already exists! >> [O]pen Read-Only, (E)dit anyway, (R)ecover, (Q)uit, (A)bort, (D)elete it: >> >> "Accounting.pm" 2059L, 113828C >> Using swap file ".Accounting.pm.swp" >> Original file "/usr/local/bin/src/Accounting/lib/Accounting.pm" >> *** glibc detected *** double free or corruption (!prev): 0x0926fd60 *** >> >> Recovery completed. You should check if everything is OK. >> (You might want to write out this file under another name >> and run diff with the original file to check for changes) >> Delete the .swp file afterwards. >> >> Vim: Caught deadly signal ABRT >> >> (at this point - the terminal is completely locked up - ^C etc all >> have no effect. kill also has no effect. kill-9 from another session >> ended it OK) >> >> ------------------------ >> Here's some version info >> ------------------------ >> >> VIM - Vi IMproved >> >> version 6.3.82 >> by Bram Moolenaar et al. >> Modified by <[EMAIL PROTECTED]> >> Vim is open source and freely distributable >> >> Help poor children in Uganda! >> type :help iccf<Enter> for information >> >> type :q<Enter> to exit >> type :help<Enter> or <F1> for on-line help >> type :help version6<Enter> for version info >> >> ------------------------ >> Here's some version info >> ------------------------ >> >> I think vim is used for lots of things, including at least editing >> crontab files (after copy stuff to /tmp) - thus - a malicious local >> user could place crafted .swp files in /tmp (or elsewhere that they >> might have access to) to "crash" (DoS) anyone elses future VIM >> sessions. Depending on the error - it might be possible to exploit >> this to run arbitrary code elevated to the vim users permissions (the >> error reports as *either* "double free" (hard to exploit) or >> "corruption" (probably a buffer overflow - easy to exploit)) >> >> Kind Regards, >> Chris Drake TM> I seem to semember that something like that was fixed long ago, but my memory TM> is hazy. Could you reproduce it with some "decently recent" version? TM> You might want to peruse the lists of patches: TM> http://ftp.vim.org/pub/vim/patches/6.3/README TM> http://ftp.vim.org/pub/vim/patches/6.4/README TM> http://ftp.vim.org/pub/vim/patches/7.0/README TM> http://ftp.vim.org/pub/vim/patches/7.1/README TM> FYI, 6.3.082 dates from 5 June 2005. Lots of water went under the bridge since TM> then. The current version is 7.1.147. TM> Best regards, TM> Tony. --~--~---------~--~----~------------~-------~--~----~ You received this message from the "vim_dev" maillist. For more information, visit http://www.vim.org/maillist.php -~----------~----~----~----~------~----~------~--~---
