To: vim-dev@vim.org
Subject: Patch 6.3.082
Fcc: outbox
From: Bram Moolenaar
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
------------
Patch 6.3.082 (after 6.3.081)
Problem: Unix: expand() may execute a shell command when it's not wanted. (Georgi Guninski)
Solution: A more generic solution than 6.3.081.
Files: src/os_unix.c
*** ../vim-6.3.081/src/os_unix.c Tue Jul 19 22:31:54 2005
--- src/os_unix.c Wed Jul 20 10:54:12 2005
***************
*** 4697,4710 ****
  if (!have_wildcard(num_pat, pat))
  return save_patterns(num_pat, pat, num_file, file);

  /*
  * Don't allow the use of backticks in secure and restricted mode.
  */
! if (secure || restricted
! # ifdef HAVE_SANDBOX
! || sandbox != 0
! # endif
! )
  for (i = 0; i < num_pat; ++i)
  if (vim_strchr(pat[i], '`') != NULL
  && (check_restricted() || check_secure()))
--- 4697,4712 ----
  if (!have_wildcard(num_pat, pat))
  return save_patterns(num_pat, pat, num_file, file);

+ # ifdef HAVE_SANDBOX
+ /* Don't allow any shell command in the sandbox. */
+ if (sandbox != 0 && check_secure())
+ return FAIL;
+ # endif
+
  /*
  * Don't allow the use of backticks in secure and restricted mode.
  */
! if (secure || restricted)
  for (i = 0; i < num_pat; ++i)
  if (vim_strchr(pat[i], '`') != NULL
  && (check_restricted() || check_secure()))
*** ../vim-6.3.081/src/version.c Tue Jul 19 22:31:54 2005
--- src/version.c Wed Jul 20 11:03:50 2005
***************
*** 643,644 ****
--- 643,646 ----
  { /* Add new patch number below this line */
+ /**/
+ 82,
  /**/
--
No letters of the alphabet were harmed in the creation of this message.
/// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\
/// Sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ Project leader for A-A-P -- http://www.A-A-P.org ///
\\\ Buy LOTR 3 and help AIDS victims -- http://ICCF.nl/lotr.html ///
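Review bot: The secure/restricted check kept below the new sandbox guard in src/os_unix.c still rejects only patterns that contain a backtick, so it remains a single-character denylist while the sandbox path now refuses every pattern that reaches this point. If the rest of the function hands the pattern to a shell (that code is outside the hunk), other shell syntax that runs a command would presumably still get through in secure and restricted mode. Either apply the same early return there or state the limit in the comment, e.g. `/* Only backticks are filtered here; other patterns still go to the shell. */`. In the new guard, `check_secure()` appears to be called only for the error it reports, since `sandbox != 0` already decides the branch; a short comment saying so would help the next reader. The enclosing function begins and ends outside the hunk.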