The way vim-anywhere uses /tmp is insecure. A malicious local user could create /tmp/vim-anywhere, make it writable to everyone, and then read or tamper with other users' files in this directory. In the worst case, when a victim uses vim-anywhere to create a shell script to be pasted into a shell, they could end up with arbitrary code execution.
Please use mktemp -d for creating temporary directories.
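
The contrast the report describes, as an added example that is not part of the original issue and not vim-anywhere's own code: a fixed-name directory silently reuses whatever already exists at that path, while `mktemp -d` yields a fresh directory that passes an ownership and mode check. The function names and the sandbox that stands in for /tmp are assumptions, and `fixed_name_dir` is a constructed stand-in for the fixed-path pattern.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not vim-anywhere's code.

# Succeeds only if $1 is a real directory (not a symlink), owned by the
# current user, with mode exactly 0700. find does not follow symlinks here.
is_private_dir() {
    [ -n "$(find "$1" -maxdepth 0 -type d -user "$(id -u)" -perm 700 2>/dev/null)" ]
}

# Fixed-name pattern: mkdir -p succeeds silently if the directory already
# exists, whoever created it and whatever its mode is.
fixed_name_dir() {
    base=$1
    mkdir -p "$base/vim-anywhere" && printf '%s\n' "$base/vim-anywhere"
}

# Hardened pattern: mktemp -d creates a new directory with an unpredictable
# name and mode 0700, and fails rather than reusing an existing path.
private_tmp_dir() {
    base=${1:-${TMPDIR:-/tmp}}
    mktemp -d "$base/vim-anywhere.XXXXXXXX"
}

# Constructed demo: a sandbox stands in for /tmp, and a pre-created
# world-writable directory stands in for the other local user's setup.
demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/vim-anywhere" && chmod 777 "$sandbox/vim-anywhere"

    d1=$(fixed_name_dir "$sandbox")
    is_private_dir "$d1" && r1=private || r1=shared
    d2=$(private_tmp_dir "$sandbox")
    is_private_dir "$d2" && r2=private || r2=shared

    rm -rf "$sandbox"
    printf 'fixed=%s mktemp=%s\n' "$r1" "$r2"
}

demo
```

A script that must keep a fixed path can still run a check like `is_private_dir` before writing and refuse to continue when it fails.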