diff options
Diffstat (limited to 'data/vim/patches/8.1.0881')
| -rw-r--r-- | data/vim/patches/8.1.0881 | 474 |
1 files changed, 0 insertions, 474 deletions
diff --git a/data/vim/patches/8.1.0881 b/data/vim/patches/8.1.0881 deleted file mode 100644 index 2f24f2b40..000000000 --- a/data/vim/patches/8.1.0881 +++ /dev/null @@ -1,474 +0,0 @@ -To: vim_dev@googlegroups.com -Subject: Patch 8.1.0881 -Fcc: outbox -From: Bram Moolenaar <Bram@moolenaar.net> -Mime-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit ------------- - -Patch 8.1.0881 -Problem: Can execute shell commands in rvim through interfaces. -Solution: Disable using interfaces in restricted mode. Allow for writing - file with writefile(), histadd() and a few others. -Files: runtime/doc/starting.txt, src/if_perl.xs, src/if_cmds.h, - src/ex_cmds.c, src/ex_docmd.c, src/evalfunc.c, - src/testdir/test_restricted.vim, src/testdir/Make_all.mak - - -*** ../vim-8.1.0880/runtime/doc/starting.txt 2018-05-17 13:42:03.000000000 +0200 ---- runtime/doc/starting.txt 2019-02-08 13:56:44.035120636 +0100 -*************** -*** 248,259 **** - changes and writing. - {not in Vi} - -! *-Z* *restricted-mode* *E145* - -Z Restricted mode. All commands that make use of an external - shell are disabled. This includes suspending with CTRL-Z, -! ":sh", filtering, the system() function, backtick expansion, -! delete(), rename(), mkdir(), writefile(), libcall(), -! job_start(), etc. - {not in Vi} - - *-g* ---- 248,265 ---- - changes and writing. - {not in Vi} - -! *-Z* *restricted-mode* *E145* *E981* - -Z Restricted mode. All commands that make use of an external - shell are disabled. This includes suspending with CTRL-Z, -! ":sh", filtering, the system() function, backtick expansion -! and libcall(). -! Also disallowed are delete(), rename(), mkdir(), job_start(), -! etc. -! Interfaces, such as Python, Ruby and Lua, are also disabled, -! since they could be used to execute shell commands. Perl uses -! the Safe module. -! Note that the user may still find a loophole to execute a -! shell command, it has only been made difficult. - {not in Vi} - - *-g* -*** ../vim-8.1.0880/src/if_perl.xs 2019-01-19 17:43:03.413449172 +0100 ---- src/if_perl.xs 2019-02-08 13:27:55.445028617 +0100 -*************** -*** 971,976 **** ---- 971,977 ---- - #ifdef DYNAMIC_PERL - static char *e_noperl = N_("Sorry, this command is disabled: the Perl library could not be loaded."); - #endif -+ static char *e_perlsandbox = N_("E299: Perl evaluation forbidden in sandbox without the Safe module"); - - /* - * ":perl" -*************** -*** 1019,1031 **** - vim_free(script); - } - -! #ifdef HAVE_SANDBOX -! if (sandbox) - { - safe = perl_get_sv("VIM::safe", FALSE); - # ifndef MAKE_TEST /* avoid a warning for unreachable code */ - if (safe == NULL || !SvTRUE(safe)) -! emsg(_("E299: Perl evaluation forbidden in sandbox without the Safe module")); - else - # endif - { ---- 1020,1031 ---- - vim_free(script); - } - -! if (sandbox || secure) - { - safe = perl_get_sv("VIM::safe", FALSE); - # ifndef MAKE_TEST /* avoid a warning for unreachable code */ - if (safe == NULL || !SvTRUE(safe)) -! emsg(_(e_perlsandbox)); - else - # endif - { -*************** -*** 1037,1043 **** - } - } - else -- #endif - perl_eval_sv(sv, G_DISCARD | G_NOARGS); - - SvREFCNT_dec(sv); ---- 1037,1042 ---- -*************** -*** 1298,1310 **** - ENTER; - SAVETMPS; - -! #ifdef HAVE_SANDBOX -! if (sandbox) - { - safe = get_sv("VIM::safe", FALSE); - # ifndef MAKE_TEST /* avoid a warning for unreachable code */ - if (safe == NULL || !SvTRUE(safe)) -! emsg(_("E299: Perl evaluation forbidden in sandbox without the Safe module")); - else - # endif - { ---- 1297,1308 ---- - ENTER; - SAVETMPS; - -! if (sandbox || secure) - { - safe = get_sv("VIM::safe", FALSE); - # ifndef MAKE_TEST /* avoid a warning for unreachable code */ - if (safe == NULL || !SvTRUE(safe)) -! emsg(_(e_perlsandbox)); - else - # endif - { -*************** -*** 1320,1326 **** - } - } - else -- #endif /* HAVE_SANDBOX */ - sv = eval_pv((char *)str, 0); - - if (sv) { ---- 1318,1323 ---- -*** ../vim-8.1.0880/src/ex_cmds.c 2019-01-31 18:26:05.734803539 +0100 ---- src/ex_cmds.c 2019-02-08 14:09:30.838943884 +0100 -*************** -*** 4775,4781 **** - { - if (restricted) - { -! emsg(_("E145: Shell commands not allowed in rvim")); - return TRUE; - } - return FALSE; ---- 4775,4781 ---- - { - if (restricted) - { -! emsg(_("E145: Shell commands and some functionality not allowed in rvim")); - return TRUE; - } - return FALSE; -*** ../vim-8.1.0880/src/ex_docmd.c 2019-01-31 18:26:05.734803539 +0100 ---- src/ex_docmd.c 2019-02-08 13:21:20.959437381 +0100 -*************** -*** 2007,2017 **** - #ifdef HAVE_SANDBOX - if (sandbox != 0 && !(ea.argt & SBOXOK)) - { -! /* Command not allowed in sandbox. */ - errormsg = _(e_sandbox); - goto doend; - } - #endif - if (!curbuf->b_p_ma && (ea.argt & MODIFY)) - { - /* Command not allowed in non-'modifiable' buffer */ ---- 2007,2022 ---- - #ifdef HAVE_SANDBOX - if (sandbox != 0 && !(ea.argt & SBOXOK)) - { -! // Command not allowed in sandbox. - errormsg = _(e_sandbox); - goto doend; - } - #endif -+ if (restricted != 0 && (ea.argt & RESTRICT)) -+ { -+ errormsg = _("E981: Command not allowed in rvim"); -+ goto doend; -+ } - if (!curbuf->b_p_ma && (ea.argt & MODIFY)) - { - /* Command not allowed in non-'modifiable' buffer */ -*** ../vim-8.1.0880/src/evalfunc.c 2019-02-03 14:52:42.501867485 +0100 ---- src/evalfunc.c 2019-02-08 14:14:33.345334906 +0100 -*************** -*** 6817,6823 **** - #endif - - rettv->vval.v_number = FALSE; -! if (check_restricted() || check_secure()) - return; - #ifdef FEAT_CMDHIST - str = tv_get_string_chk(&argvars[0]); /* NULL on type error */ ---- 6817,6823 ---- - #endif - - rettv->vval.v_number = FALSE; -! if (check_secure()) - return; - #ifdef FEAT_CMDHIST - str = tv_get_string_chk(&argvars[0]); /* NULL on type error */ -*************** -*** 7898,7903 **** ---- 7898,7906 ---- - char_u *str; - char_u buf[NUMBUFLEN]; - -+ if (check_restricted() || check_secure()) -+ return; -+ - str = tv_get_string_buf(&argvars[0], buf); - do_luaeval(str, argvars + 1, rettv); - } -*************** -*** 8644,8649 **** ---- 8647,8654 ---- - char_u *str; - char_u buf[NUMBUFLEN]; - -+ if (check_restricted() || check_secure()) -+ return; - str = tv_get_string_buf(&argvars[0], buf); - do_mzeval(str, rettv); - } -*************** -*** 8932,8937 **** ---- 8937,8945 ---- - char_u *str; - char_u buf[NUMBUFLEN]; - -+ if (check_restricted() || check_secure()) -+ return; -+ - if (p_pyx == 0) - p_pyx = 3; - -*************** -*** 8950,8955 **** ---- 8958,8966 ---- - char_u *str; - char_u buf[NUMBUFLEN]; - -+ if (check_restricted() || check_secure()) -+ return; -+ - if (p_pyx == 0) - p_pyx = 2; - -*************** -*** 8965,8970 **** ---- 8976,8984 ---- - static void - f_pyxeval(typval_T *argvars, typval_T *rettv) - { -+ if (check_restricted() || check_secure()) -+ return; -+ - # if defined(FEAT_PYTHON) && defined(FEAT_PYTHON3) - init_pyxversion(); - if (p_pyx == 2) -*************** -*** 10819,10825 **** - typval_T *varp; - char_u nbuf[NUMBUFLEN]; - -! if (check_restricted() || check_secure()) - return; - (void)tv_get_number(&argvars[0]); /* issue errmsg if type error */ - varname = tv_get_string_chk(&argvars[1]); ---- 10833,10839 ---- - typval_T *varp; - char_u nbuf[NUMBUFLEN]; - -! if (check_secure()) - return; - (void)tv_get_number(&argvars[0]); /* issue errmsg if type error */ - varname = tv_get_string_chk(&argvars[1]); -*************** -*** 11341,11347 **** - - rettv->vval.v_number = 0; - -! if (check_restricted() || check_secure()) - return; - - tp = find_tabpage((int)tv_get_number_chk(&argvars[0], NULL)); ---- 11355,11361 ---- - - rettv->vval.v_number = 0; - -! if (check_secure()) - return; - - tp = find_tabpage((int)tv_get_number_chk(&argvars[0], NULL)); -*************** -*** 14714,14720 **** - blob_T *blob = NULL; - - rettv->vval.v_number = -1; -! if (check_restricted() || check_secure()) - return; - - if (argvars[0].v_type == VAR_LIST) ---- 14728,14734 ---- - blob_T *blob = NULL; - - rettv->vval.v_number = -1; -! if (check_secure()) - return; - - if (argvars[0].v_type == VAR_LIST) -*** ../vim-8.1.0880/src/testdir/test_restricted.vim 2019-02-08 14:31:57.351438282 +0100 ---- src/testdir/test_restricted.vim 2019-02-08 14:26:17.361387453 +0100 -*************** -*** 0 **** ---- 1,107 ---- -+ " Test for "rvim" or "vim -Z" -+ -+ source shared.vim -+ -+ func Test_restricted() -+ let cmd = GetVimCommand('Xrestricted') -+ if cmd == '' -+ return -+ endif -+ -+ call writefile([ -+ \ "silent !ls", -+ \ "call writefile([v:errmsg], 'Xrestrout')", -+ \ "qa!", -+ \ ], 'Xrestricted') -+ call system(cmd . ' -Z') -+ call assert_match('E145:', join(readfile('Xrestrout'))) -+ -+ call delete('Xrestricted') -+ call delete('Xrestrout') -+ endfunc -+ -+ func Run_restricted_test(ex_cmd, error) -+ let cmd = GetVimCommand('Xrestricted') -+ if cmd == '' -+ return -+ endif -+ -+ call writefile([ -+ \ a:ex_cmd, -+ \ "call writefile([v:errmsg], 'Xrestrout')", -+ \ "qa!", -+ \ ], 'Xrestricted') -+ call system(cmd . ' -Z') -+ call assert_match(a:error, join(readfile('Xrestrout'))) -+ -+ call delete('Xrestricted') -+ call delete('Xrestrout') -+ endfunc -+ -+ func Test_restricted_lua() -+ if !has('lua') -+ throw 'Skipped: Lua is not supported' -+ endif -+ call Run_restricted_test('lua print("Hello, Vim!")', 'E981:') -+ call Run_restricted_test('luado return "hello"', 'E981:') -+ call Run_restricted_test('luafile somefile', 'E981:') -+ call Run_restricted_test('call luaeval("expression")', 'E145:') -+ endfunc -+ -+ func Test_restricted_mzscheme() -+ if !has('mzscheme') -+ throw 'Skipped: MzScheme is not supported' -+ endif -+ call Run_restricted_test('mzscheme statement', 'E981:') -+ call Run_restricted_test('mzfile somefile', 'E981:') -+ call Run_restricted_test('call mzeval("expression")', 'E145:') -+ endfunc -+ -+ func Test_restricted_perl() -+ if !has('perl') -+ throw 'Skipped: Perl is not supported' -+ endif -+ " TODO: how to make Safe mode fail? -+ " call Run_restricted_test('perl system("ls")', 'E981:') -+ " call Run_restricted_test('perldo system("hello")', 'E981:') -+ " call Run_restricted_test('perlfile somefile', 'E981:') -+ " call Run_restricted_test('call perleval("system(\"ls\")")', 'E145:') -+ endfunc -+ -+ func Test_restricted_python() -+ if !has('python') -+ throw 'Skipped: Python is not supported' -+ endif -+ call Run_restricted_test('python print "hello"', 'E981:') -+ call Run_restricted_test('pydo return "hello"', 'E981:') -+ call Run_restricted_test('pyfile somefile', 'E981:') -+ call Run_restricted_test('call pyeval("expression")', 'E145:') -+ endfunc -+ -+ func Test_restricted_python3() -+ if !has('python3') -+ throw 'Skipped: Python3 is not supported' -+ endif -+ call Run_restricted_test('py3 print "hello"', 'E981:') -+ call Run_restricted_test('py3do return "hello"', 'E981:') -+ call Run_restricted_test('py3file somefile', 'E981:') -+ call Run_restricted_test('call py3eval("expression")', 'E145:') -+ endfunc -+ -+ func Test_restricted_ruby() -+ if !has('ruby') -+ throw 'Skipped: Ruby is not supported' -+ endif -+ call Run_restricted_test('ruby print "Hello"', 'E981:') -+ call Run_restricted_test('rubydo print "Hello"', 'E981:') -+ call Run_restricted_test('rubyfile somefile', 'E981:') -+ endfunc -+ -+ func Test_restricted_tcl() -+ if !has('tcl') -+ throw 'Skipped: Tcl is not supported' -+ endif -+ call Run_restricted_test('tcl puts "Hello"', 'E981:') -+ call Run_restricted_test('tcldo puts "Hello"', 'E981:') -+ call Run_restricted_test('tclfile somefile', 'E981:') -+ endfunc -*** ../vim-8.1.0880/src/testdir/Make_all.mak 2019-01-24 22:42:14.949304772 +0100 ---- src/testdir/Make_all.mak 2019-02-08 13:37:16.649924127 +0100 -*************** -*** 213,218 **** ---- 213,219 ---- - test_regexp_utf8 \ - test_registers \ - test_reltime \ -+ test_restricted \ - test_retab \ - test_ruby \ - test_scriptnames \ -*************** -*** 375,380 **** ---- 376,382 ---- - test_quotestar.res \ - test_regex_char_classes.res \ - test_registers.res \ -+ test_restricted.res \ - test_retab.res \ - test_ruby.res \ - test_scriptnames.res \ -*** ../vim-8.1.0880/src/version.c 2019-02-08 12:46:03.588784187 +0100 ---- src/version.c 2019-02-08 14:32:06.151387661 +0100 -*************** -*** 785,786 **** ---- 785,788 ---- - { /* Add new patch number below this line */ -+ /**/ -+ 881, - /**/ - --- -A parent can be arrested if his child cannot hold back a burp during a church -service. - [real standing law in Nebraska, United States of America] - - /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ -/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ -\\\ an exciting new programming language -- http://www.Zimbu.org /// - \\\ help me help AIDS victims -- http://ICCF-Holland.org /// |