
46694 Re: feedkeys() allowed in sandbox

  • Bram Moolenaar
    Apr 30, 2007
      John Beckett wrote:

      > A.J.Mechelynck wrote:
      > >> Is folding really needed in a default modeline?
      > > Folding may be useful in a modeline.
      > > (Don't know what you call a "default" modeline.)
      > By "default modeline" I mean I would like Vim to be changed so
      > that its default behaviour is aggressively safe. If wanted,
      > there could be a new option to enable clever features, and a
      > user could choose to allow modelines with folding or expression
      > evaluation, etc.

      This is not true. It just reduces the chance of a mistake being made by
      an unknown factor. It's still possible to allow an option to be set,
      thinking that it is OK, but we later find out that it was not OK. Just
      like carefully removing mistakes and screening the options for mistakes
      does help to make it safer. Thus it doesn't make an essential
      difference. N times as safe still isn't 100% safe.

      In other words: If we have an option "run insecure" nobody would set it.
      Vim must be secure as-is.

      > But the only long-term safe procedure is to have Vim *default*
      > to work with only very restricted modelines (set tab and other
      > options - no way to even get near executing code).

      As they sometimes joke: The best way to protect your computer from
      malicious software is to switch it off. Likewise, the only really safe
      way is to disable modelines. Obviously you pay a price: restricted
      functionality. Options to partly disable modelines make it more
      complicated and don't help much for security.

      > I am wondering what the lack of comment on this topic indicates.
      > Do you understand that another modeline vulnerability could
      > allow the next file you open to overwrite all files under your
      > home folder? Or it might overwrite all sectors on your disk, if
      > you have sufficient privilege.

      Don't forget that this requires someone who intentionally wants this
      evil thing to happen. So far the only examples seen are jokes and proof
      of concept. I have never seen a file with a modeline that intentionally
      causes harm.

      > How about if you go to another computer that you rarely use.
      > Would you be happy using Vim on that computer?
      > Network admins in secure environments should be prohibited
      > from using Vim.

      Modelines are default off when you are root. The mail filetype plugin
      also switches it off.

      > If I am overlooking something, or am overly alarmist, please
      > tell me. For anyone new to this, enter following in Google:
      > vim vulnerability modeline

      Thanks for the advertisement! :-).

      Give a man a computer program and you give him a headache,
      but teach him to program computers and you give him the power
      to create headaches for others for the rest of his life...
      R. B. Forest

      /// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net \\\
      /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
      \\\ download, build and distribute -- http://www.A-A-P.org ///
      \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
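
The thread weighs restricting modelines to plain options such as tab settings against allowing folding and expression options. As an added example (not part of the message and not Vim's own code), this Python sketch audits the lines Vim would scan for modelines and reports any option outside an allowlist; the allowlist, the simplified modeline patterns and the sample file are assumptions made for illustration.

```python
import re

# Assumed allowlist for this example (a hypothetical policy, not a list
# Vim uses): options that only take plain values.
SAFE_OPTIONS = {"tabstop", "ts", "shiftwidth", "sw", "softtabstop", "sts",
                "expandtab", "et", "noexpandtab", "noet", "textwidth", "tw"}

# Simplified versions of the two modeline forms in Vim's documentation:
#   [text]{white}{vi:|vim:|Vim:|ex:}[white]se[t] {options}:[text]
#   [text]{white}{vi:|vim:|ex:}[white]{options}
SET_FORM = re.compile(r"(?:^|\s)(?:vi|vim|Vim|ex):\s*set? (.*?)(?<!\\):")
PLAIN_FORM = re.compile(r"(?:^|\s)(?:vi|vim|ex):\s*(.*)$")


def modeline_options(line):
    """Return the option names a modeline on this line sets ([] if none)."""
    found = SET_FORM.search(line)
    if found:
        items = found.group(1).split()
    else:
        found = PLAIN_FORM.search(line)
        if not found:
            return []
        items = re.split(r"[:\s]+", found.group(1))
    # The option name is the leading run of letters ("ts" in "ts=4").
    return [n.group(0) for it in items if (n := re.match(r"[A-Za-z]+", it))]


def audit(text, modelines=5):
    """List (line number, option) pairs for options outside SAFE_OPTIONS."""
    # Only the first and last `modelines` lines are checked, matching the
    # default of Vim's 'modelines' option.
    lines = text.splitlines()
    head = range(min(modelines, len(lines)))
    tail = range(max(0, len(lines) - modelines), len(lines))
    return [(i + 1, name)
            for i in sorted(set(head) | set(tail))
            for name in modeline_options(lines[i])
            if name not in SAFE_OPTIONS]


# Constructed sample: 12 lines, modeline on the last one; Fold() is a
# hypothetical function name.
SAMPLE = "\n".join(["# constructed sample file"] + ["x = 1"] * 10 +
                   ["# vim: set ts=4 fdm=expr foldexpr=Fold(v\\:lnum):"])

if __name__ == "__main__":
    for lineno, option in audit(SAMPLE):
        print(f"line {lineno}: modeline sets non-allowlisted option {option!r}")
```

The patterns over-match on purpose (a malformed modeline is still reported), so a finding means "review this line", not "Vim would apply it".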