diff options
| -rw-r--r-- | README.md | 9 | ||||
| -rw-r--r-- | VERSION | 2 | ||||
| -rw-r--r-- | autoload/redact_pass.vim | 1 | ||||
| -rw-r--r-- | plugin/redact_pass.vim | 6 |
4 files changed, 13 insertions, 5 deletions
@@ -1,14 +1,15 @@ redact\_pass.vim ================ -This plugin switches off the 'viminfo', 'backup', 'writebackup', 'swapfile', -and 'undofile' options globally when editing a password in `pass(1)`. +This plugin switches off the `'viminfo'`, `'backup'`, `'writebackup'`, +`'swapfile'`, and `'undofile'` options globally when editing a password in +`pass(1)`. This is to prevent anyone being able to extract passwords from your Vim cache files in the event of a compromise. -You should test this after installed to ensure you see this message is printed -whenever you `pass edit`: +You should test this after installation to ensure you see this message is +printed whenever you `pass edit`: > Editing password file--disabled leaky options! @@ -1 +1 @@ -2.1.0 +2.2.2 diff --git a/autoload/redact_pass.vim b/autoload/redact_pass.vim index afcf6e4..4fb1a1f 100644 --- a/autoload/redact_pass.vim +++ b/autoload/redact_pass.vim @@ -18,6 +18,7 @@ function! redact_pass#() abort " Tell the user what we're doing so they know this worked, via a message and " a global variable they can check + redraw echomsg 'Editing password file--disabled leaky options!' let g:redact_pass_redacted = 1 diff --git a/plugin/redact_pass.vim b/plugin/redact_pass.vim index 14705ac..bcb9227 100644 --- a/plugin/redact_pass.vim +++ b/plugin/redact_pass.vim @@ -21,4 +21,10 @@ augroup redact_pass \,$TMPDIR/pass.?*/?*.txt \,/tmp/pass.?*/?*.txt \ call redact_pass#() + " Work around macOS' dynamic symlink structure for temporary directories + if has('mac') + autocmd VimEnter + \ /private/var/?*/pass.?*/?*.txt + \ call redact_pass#() + endif augroup END |