[packages/vim.git] / 7.0.234

To: vim-dev@vim.org
Subject: patch 7.0.234
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
------------

Patch 7.0.234
Problem:    It's possible to use feedkeys() from a modeline.  That is a
	    security issue, can be used for a trojan horse.
Solution:   Disallow using feedkeys() in the sandbox.
Files:	    src/eval.c


*** ../vim-7.0.233/src/eval.c	Thu Apr 26 17:08:16 2007
--- src/eval.c	Fri Apr 27 21:48:18 2007
***************
*** 9078,9083 ****
--- 9078,9089 ----
      int		typed = FALSE;
      char_u	*keys_esc;
  
+     /* This is not allowed in the sandbox.  If the commands would still be
+      * executed in the sandbox it would be OK, but it probably happens later,
+      * when "sandbox" is no longer set. */
+     if (check_secure())
+ 	return;
+ 
      rettv->vval.v_number = 0;
      keys = get_tv_string(&argvars[0]);
      if (*keys != NUL)
*** ../vim-7.0.233/src/version.c	Thu Apr 26 18:42:17 2007
--- src/version.c	Fri Apr 27 22:13:23 2007
***************
*** 668,669 ****
--- 668,671 ----
  {   /* Add new patch number below this line */
+ /**/
+     234,
  /**/

-- 
"Making it up?  Why should I want to make anything up?  Life's bad enough
as it is without wanting to invent any more of it."
		-- Marvin, the Paranoid Android in Douglas Adams'
		   "The Hitchhiker's Guide to the Galaxy"

 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\        download, build and distribute -- http://www.A-A-P.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
Commit	Line	Data
468bf62c AM	1	To: vim-dev@vim.org
	2	Subject: patch 7.0.234
	3	Fcc: outbox
	4	From: Bram Moolenaar <Bram@moolenaar.net>
	5	Mime-Version: 1.0
	6	Content-Type: text/plain; charset=ISO-8859-1
	7	Content-Transfer-Encoding: 8bit
	8	------------
	9
	10	Patch 7.0.234
	11	Problem: It's possible to use feedkeys() from a modeline. That is a
	12	security issue, can be used for a trojan horse.
	13	Solution: Disallow using feedkeys() in the sandbox.
	14	Files: src/eval.c
	15
	16
	17	*** ../vim-7.0.233/src/eval.c Thu Apr 26 17:08:16 2007
	18	--- src/eval.c Fri Apr 27 21:48:18 2007
	19	***************
	20	* 9078,9083 **
	21	--- 9078,9089 ----
	22	int typed = FALSE;
	23	char_u *keys_esc;
	24
	25	+ /* This is not allowed in the sandbox. If the commands would still be
	26	+ * executed in the sandbox it would be OK, but it probably happens later,
	27	+ * when "sandbox" is no longer set. */
	28	+ if (check_secure())
	29	+ return;
	30	+
	31	rettv->vval.v_number = 0;
	32	keys = get_tv_string(&argvars[0]);
	33	if (*keys != NUL)
	34	*** ../vim-7.0.233/src/version.c Thu Apr 26 18:42:17 2007
	35	--- src/version.c Fri Apr 27 22:13:23 2007
	36	***************
	37	* 668,669 **
	38	--- 668,671 ----
	39	{ /* Add new patch number below this line */
	40	+ /**/
	41	+ 234,
	42	/**/
	43
	44	--
	45	"Making it up? Why should I want to make anything up? Life's bad enough
	46	as it is without wanting to invent any more of it."
	47	-- Marvin, the Paranoid Android in Douglas Adams'
	48	"The Hitchhiker's Guide to the Galaxy"
	49
	50	/// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\
	51	/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
	52	\\\ download, build and distribute -- http://www.A-A-P.org ///
	53	\\\ help me help AIDS victims -- http://ICCF-Holland.org ///