Re: feedkeys() allowed in sandbox
Apr 30, 2007

John Beckett wrote:

> A.J.Mechelynck wrote:
> >> Is folding really needed in a default modeline?
> > Folding may be useful in a modeline.
> > (Don't know what you call a "default" modeline.)
>
> By "default modeline" I mean I would like Vim to be changed so
> that its default behaviour is aggressively safe. If wanted,
> there could be a new option to enable clever features, and a
> user could choose to allow modelines with folding or expression
> evaluation, etc.

This is not true. It just reduces the chance of a mistake being made by
an unknown factor. It's still possible to allow an option to be set,
thinking that it is OK, but we later find out that it was not OK. Just
like carefully removing mistakes and screening the options for mistakes
does help to make it safer. Thus it doesn't make an essential
difference. N times as safe still isn't 100% safe.

In other words: If we have an option "run insecure" nobody would set it.
Vim must be secure as-is.

> But the only long-term safe procedure is to have Vim *default*
> to work with only very restricted modelines (set tab and other
> options - no way to even get near executing code).

As they sometimes joke: The best way to protect your computer from
malicious software is to switch it off. Likewise, the only really safe
way is to disable modelines. Obviously you pay a price: restricted
functionality. Options to partly disable modelines make it more
complicated and don't help much for security.

> I am wondering what the lack of comment on this topic indicates.
> Do you understand that another modeline vulnerability could
> allow the next file you open to overwrite all files under your
> home folder? Or it might overwrite all sectors on your disk, if
> you have sufficient privilege.

Don't forget that this requires someone who intentionally wants this
evil thing to happen. So far the only examples seen are jokes and proof
of concept. I have never seen a file with a modeline that intentionally

> How about if you go to another computer that you rarely use.
> Would you be happy using Vim on that computer?
> Network admins in secure environments should be prohibited
> from using Vim.

Modelines are default off when you are root. The mail filetype plugin
also switches it off.

> If I am overlooking something, or am overly alarmist, please
> tell me. For anyone new to this, enter following in Google:
> vim vulnerability modeline

Thanks for the advertisement! :-).
Give a man a computer program and you give him a headache,
but teach him to program computers and you give him the power
to create headaches for others for the rest of his life...
R. B. Forest
/// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ download, build and distribute -- http://www.A-A-P.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
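The "very restricted modeline" that John proposes in the thread above (honour indentation-style options only, refuse anything that can evaluate an expression) can be sketched as an allowlist filter over the modeline text. The following is an added example written for this page, not code from Vim or from anyone in the thread. The allowlist, the constructed sample file and the function names MyFold() and MyStatus() in it are assumptions; the parser covers the two common modeline forms (`vim: opt:opt` and `vim: set opt ...:`) and Vim's habit of checking only the first and last few lines, but not the version-qualified `vim<`, `vim=`, `vim>` variants or backslash-escaped colons.

```python
import re

# Assumed allowlist: options that only affect indentation, width or file
# format and carry no expression that Vim would evaluate. Anything
# expression-bearing (foldexpr, statusline, includeexpr, ...) is absent on
# purpose, so it is rejected by default rather than by enumeration.
SAFE_OPTIONS = {
    "ts", "tabstop", "sw", "shiftwidth", "sts", "softtabstop",
    "et", "expandtab", "tw", "textwidth", "ff", "fileformat",
}

# A modeline starts with vi:, vim: or ex: at the start of a line or after
# whitespace; everything after it is the option text.
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|vim|ex):\s*(.*)$")


def parse_modeline(line):
    """Return the option items found in one line, or [] if it has no modeline."""
    m = MODELINE_RE.search(line)
    if not m:
        return []
    rest = m.group(1)
    # Second form: "set opt opt ...:" - options are whitespace separated and
    # the list must be terminated by a colon.
    sm = re.match(r"se(?:t)?\s", rest)
    if sm:
        body, sep, _ = rest[sm.end():].partition(":")
        if not sep:
            return []  # unterminated "set" form; treat as malformed
        return body.split()
    # First form: options separated by whitespace or colons.
    return [t for t in re.split(r"[\s:]+", rest) if t]


def option_name(item):
    """Map an item such as 'ts=4', 'noet' or 'foldexpr=X()' to its option name."""
    m = re.match(r"(no)?([a-z]+)", item)
    if not m:
        return None
    base = m.group(2)
    # 'noet' is the negation of 'et'; only strip 'no' when the remainder is
    # itself a known option, so a name that merely starts with 'no' survives.
    if m.group(1) and base in SAFE_OPTIONS:
        return base
    return m.group(1) + base if m.group(1) else base


def filter_options(items):
    """Split modeline items into (allowed, rejected) by the allowlist."""
    allowed, rejected = [], []
    for item in items:
        if option_name(item) in SAFE_OPTIONS:
            allowed.append(item)
        else:
            rejected.append(item)
    return allowed, rejected


def scan_file(text, modelines=5):
    """Apply the filter to the lines Vim would inspect: the first and last
    'modelines' lines (default 5). Returns (allowed, rejected)."""
    lines = text.splitlines()
    if len(lines) <= 2 * modelines:
        candidates = lines
    else:
        candidates = lines[:modelines] + lines[-modelines:]
    allowed, rejected = [], []
    for line in candidates:
        a, r = filter_options(parse_modeline(line))
        allowed += a
        rejected += r
    return allowed, rejected


# Constructed sample: one modeline of each form, mixing harmless tab
# settings with expression-bearing options. MyFold/MyStatus are placeholders.
SAMPLE = (
    "# constructed sample file, not a real plugin\n"
    "# vim: set ts=4 sw=4 et foldmethod=expr foldexpr=MyFold():\n"
    "print('body')\n"
    "# vi:ts=8:noet:statusline=%!MyStatus()\n"
)

if __name__ == "__main__":
    ok, bad = scan_file(SAMPLE)
    print("would apply :", " ".join(ok))
    print("would refuse:", " ".join(bad))
```

Running it shows the two tab/indent groups passing and the fold and statusline options refused; any option not spelled out in the allowlist, including ones nobody has yet found a problem with, falls on the refused side, which is the whole point of an allowlist rather than a blocklist.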