46720 Re: feedkeys() allowed in sandbox
May 4, 2007

On Fri, 4 May 2007 14:20:22 +1000
"John Beckett" <winterwaffle@...> wrote:
> I mentioned that the first step for point 4 should (IMHO) be
> rejecting any modeline beyond some fairly small maximum size.

Most previous exploits have been exploitable with far below the line
length that is reasonably used by sensible people.

> What I'd really like would be a separate sanity check that
> verifies that the syntax in the modeline is boringly standard
> 'set' options for a declared whitelist of things that a modeline
> is allowed to do.

http://www.vim.org/scripts/script.php?script_id=1876

> For example, 100 bytes of malware might be able to erase my
> files, but perhaps it couldn't do something more sophisticated
> like launching a hidden infiltration of my network.

100 bytes is more than enough room to download and execute a file that
contains the real malicious code.
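
The two checks discussed in this message (a length cap and a whitelist of plain 'set' options), sketched as an added example; it is not part of the original post and not the script linked above. The 100-character cap, the option whitelist, the value pattern and the sample lines are all assumptions made for illustration.

```python
import re

# Policy values are assumptions for this example; neither is from the thread.
MAX_MODELINE_LEN = 100
ALLOWED_OPTIONS = {
    "et", "expandtab", "noet", "noexpandtab", "sw", "shiftwidth",
    "ts", "tabstop", "sts", "softtabstop", "tw", "textwidth", "ft", "filetype",
}

# Modeline marker: vi:, vim:, Vim:, ex:, or vim with a version test (vim>700:).
MARKER_RE = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<=>]?\d+)?|ex):\s*(.*)$")
# Second modeline form: "se[t] opt opt ... :" (options end at first bare colon).
SET_FORM_RE = re.compile(r"set?\s+(.*?)(?<!\\):")
# Values must be plain tokens: no quotes, pipes, parentheses, backslashes or %.
VALUE_RE = re.compile(r"[A-Za-z0-9_.,-]*")


def check_modeline(line):
    """Return (ok, reason); a line with no modeline marker is accepted."""
    marker = MARKER_RE.search(line)
    if marker is None:
        return True, "no modeline"
    if len(line) > MAX_MODELINE_LEN:
        return False, "modeline too long"
    body = marker.group(1)
    set_form = SET_FORM_RE.match(body)
    if set_form:
        items = set_form.group(1).split()
    else:
        # First form: options separated by whitespace or colons, to end of line.
        items = [tok for tok in re.split(r"[\s:]+", body) if tok]
    for item in items:
        name, _, value = item.partition("=")
        if name not in ALLOWED_OPTIONS:  # anything unknown fails closed
            return False, "option not whitelisted: " + name
        if not VALUE_RE.fullmatch(value):
            return False, "non-trivial value for " + name
    return True, "ok"


# Constructed sample lines, not taken from any real file.
SAMPLES = [
    "/* vim: set sw=4 et: */",
    "# vim: ts=8:sw=4:noet",
    "# vim: set foldexpr=SomeFunc():",  # short, so only the whitelist stops it
    "# vim: set ft=" + "a" * 120 + ":",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_modeline(sample), sample[:40])
```

The third sample is well under the length cap and is rejected only by the whitelist, which is the point the reply makes about size limits on their own.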