
vim-6.2-14.4.100mdk.src.rpm

To: vim-dev@vim.org
Subject: Patch 6.3.082
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
------------

Patch 6.3.082 (after 6.3.081)
Problem:    Unix: expand() may execute a shell command when it's not wanted.
            (Georgi Guninski)
Solution:   A more generic solution than 6.3.081.
Files:      src/os_unix.c
    

*** ../vim-6.3.081/src/os_unix.c	Tue Jul 19 22:31:54 2005
--- src/os_unix.c	Wed Jul 20 10:54:12 2005
***************
*** 4697,4710 ****
      if (!have_wildcard(num_pat, pat))
  	return save_patterns(num_pat, pat, num_file, file);
  
      /*
       * Don't allow the use of backticks in secure and restricted mode.
       */
!     if (secure || restricted
! # ifdef HAVE_SANDBOX
! 	    || sandbox != 0
! # endif
! 	    )
  	for (i = 0; i < num_pat; ++i)
  	    if (vim_strchr(pat[i], '`') != NULL
  		    && (check_restricted() || check_secure()))
--- 4697,4712 ----
      if (!have_wildcard(num_pat, pat))
  	return save_patterns(num_pat, pat, num_file, file);
  
+ # ifdef HAVE_SANDBOX
+     /* Don't allow any shell command in the sandbox. */
+     if (sandbox != 0 && check_secure())
+ 	return FAIL;
+ # endif
+ 
      /*
       * Don't allow the use of backticks in secure and restricted mode.
       */
!     if (secure || restricted)
  	for (i = 0; i < num_pat; ++i)
  	    if (vim_strchr(pat[i], '`') != NULL
  		    && (check_restricted() || check_secure()))
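Review bot: In the new `HAVE_SANDBOX` block, the early `return FAIL` depends on `check_secure()` returning true even though `sandbox != 0` has already been tested. If that call can ever return false while the sandbox is active, execution falls through to the shell-based expansion this patch is meant to block. `check_secure()` is defined outside this hunk, so this cannot be confirmed here; presumably it is called only to report the error. If so, the comment should say it, for example `/* Don't allow any shell command in the sandbox; check_secure() gives the error message. */`, or the call can become a plain statement followed by an unconditional `return FAIL;`. The enclosing function starts and ends outside the hunk, and the backtick loop on the last lines continues past it.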
*** ../vim-6.3.081/src/version.c	Tue Jul 19 22:31:54 2005
--- src/version.c	Wed Jul 20 11:03:50 2005
***************
*** 643,644 ****
--- 643,646 ----
  {   /* Add new patch number below this line */
+ /**/
+     82,
  /**/

-- 
No letters of the alphabet were harmed in the creation of this message.

 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
///        Sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\              Project leader for A-A-P -- http://www.A-A-P.org        ///
 \\\     Buy LOTR 3 and help AIDS victims -- http://ICCF.nl/lotr.html   ///