To: vim-dev@vim.org Subject: Patch 5.7.018 Fcc: outbox From: Bram Moolenaar ------------ Patch 5.7.018 Problem: When running "rvim" or "vim -Z" it was still possible to execute a shell command with system() and backtick-expansion. (Antonios A. Kavarnos) Solution: Disallow executing a shell command in get_cmd_output() and mch_expand_wildcards(). Files: src/misc1.c, src/os_unix.c *** ../vim-5.7.17/src/misc1.c Tue Jun 20 21:30:53 2000 --- src/misc1.c Thu Nov 16 16:45:35 2000 *************** *** 5695,5700 **** --- 5695,5703 ---- int i = 0; FILE *fd; + if (check_restricted() || check_secure()) + return NULL; + /* get a name for the temp file */ if ((tempname = vim_tempname('o')) == NULL) { *** ../vim-5.7.17/src/os_unix.c Wed Jun 7 17:24:21 2000 --- src/os_unix.c Thu Nov 16 17:02:34 2000 *************** *** 3334,3339 **** --- 3334,3348 ---- if (!have_wildcard(num_pat, pat)) return save_patterns(num_pat, pat, num_file, file); + /* + * Don't allow the use of backticks in secure and restricted mode. + */ + if (secure || restricted) + for (i = 0; i < num_pat; ++i) + if (vim_strchr(pat[i], '`') != NULL + && (check_restricted() || check_secure())) + return FAIL; + /* * get a name for the temp file */ *** ../vim-5.7.17/src/version.c Thu Nov 16 17:06:52 2000 --- src/version.c Thu Nov 16 16:45:44 2000 *************** *** 439,440 **** --- 439,442 ---- { /* Add new patch number below this line */ + /**/ + 18, /**/ -- hundred-and-one symptoms of being an internet addict: 156. You forget your friend's name but not her e-mail address. /// Bram Moolenaar Bram@moolenaar.net http://www.moolenaar.net \\\ \\\ Vim: http://www.vim.org ICCF Holland: http://iccf-holland.org ///
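Review bot: in the misc1.c hunk the new early return in get_cmd_output() sits before vim_tempname() is called, so no temp file is created and left behind when the command is refused; please confirm that every caller of get_cmd_output() already treats a NULL return as "no output" rather than as a buffer to free or read, since this is a new way for the function to return NULL without reporting an error of its own (check_restricted() and check_secure() print the error message themselves, so the caller should not add a second one).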
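Review bot: in the os_unix.c hunk the new check in mch_expand_wildcards() refuses a pattern only when it contains a literal backtick character, while the rest of the function still hands the pattern to a shell for expansion (the "get a name for the temp file" step that follows collects the shell's output), so a denylist of one character is a narrow fix; consider instead taking the save_patterns() path that is already used for patterns without wildcards whenever secure or restricted is set, which avoids the shell altogether. Two smaller points: the outer `if (secure || restricted)` is redundant with check_restricted() and check_secure(), which test the same globals (harmless, but worth a comment saying it only avoids the loop), and the loop variable `i` is not declared in the visible context lines, so confirm it exists in this function.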