
Re: vim security bug

  • Bram Moolenaar
    Message 1 of 5 , Dec 22, 2002
      Walter Briscoe wrote:

      > >I haven't read older messages yet, thus I don't know if someone
      > >suggested a good solution yet. This patch should fix the problem:

      [...]
      > Welcome back, Bram! This list has been lonely without you.

      Glad to be missed :-).

      > I tried Christian's patch. It prevents the potentially lethal libcall.
      > My test file derived from http://www.guninski.com/vim1.html so the
      > attack is only made once is
      > C:\wfb\vim\bld\vim61\src> nl attack.t
      > 1 /* vim:set foldmethod=expr foldexpr=confirm(libcall("/lib/libc.so.6","system","/bin/ls"),"ms_sux"): */
      >
      > C:\wfb\vim\bld\vim61\src>
      > I think quietly refusing to do what is requested is unhelpful.
      > Christian's "EMSG(_(e_sandbox))" is ineffective. Bram's patch has the
      > same quietened EMSG call in check_secure(). With either patch, the
      > "ms_sux" prompt is given even though the libcall is not activated.

      The 'foldexpr' is evaluated silently. That is to avoid that redrawing
      the screen causes messages, which causes a redraw that causes messages,
      etc. You could get stuck. Setting 'verbose' should give you enough
      info to find out why 'foldexpr' doesn't work as expected.

      > I don't understand a couple of points:
      > why the internal functions suppress diagnostics;
      > why internal function failure is not returned to the caller.
      >
      > Can I suggest that this bug ought to be the "catalyst" to cause vim 6.2
      > to be issued? I think Georgi Guninski is to be congratulated for finding
      > the gap in Vim's defences. OTOH, Bram is to be congratulated for
      > continuing to support modelines. SUSV3 - the latest POSIX - has
      > abandoned them as inherently insecure. I think that decision is craven.

      I am certainly considering releasing 6.2 soon. It's mostly a matter of
      collecting and checking all patches. I also have quite a few todo items
      that should be handled. Don't hold your breath...

      --
      hundred-and-one symptoms of being an internet addict:
      113. You are asked about a bus schedule, you wonder if it is 16 or 32 bits.

      /// Bram Moolenaar -- Bram@... -- http://www.moolenaar.net \\\
      /// Creator of Vim - Vi IMproved -- http://www.vim.org \\\
      \\\ Project leader for A-A-P -- http://www.a-a-p.org ///
      \\\ Lord Of The Rings helps Uganda - http://iccf-holland.org/lotr.html ///
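
An added example, not part of the original message and not Vim's own code: a Python check that reads the first and last five lines of a file (Vim's default 'modelines' value) and reports modelines that set an expression-evaluated option such as 'foldexpr', as the test file quoted above does. The function names `parse_modeline` and `scan`, the option list and the sample text are assumptions of this example.

```python
import re

MODELINES = 5  # Vim's default 'modelines': lines checked at each end of a file
# Options whose value Vim evaluates as an expression (long and short names).
EXPR_OPTIONS = {"foldexpr", "fde", "indentexpr", "inde", "formatexpr", "fex",
                "includeexpr", "inex", "foldtext", "fdt"}
RISKY_CALL = re.compile(r"\b(?:libcall|libcallnr|system)\s*\(")
MODELINE = re.compile(r"(?:^|\s)(?:vi|[vV]im[<=>]?\d*|ex):\s*(.*)$")
SET_FORM = re.compile(r"^set?\s+(.*?)(?<!\\):")   # "vim: set opts:" form
OPTION = re.compile(r"^(\w+)(?:[+^-]?=(.*))?$")


def parse_modeline(line):
    """Return [(option, value-or-None), ...] for a modeline, else []."""
    m = MODELINE.search(line)
    if not m:
        return []
    body = m.group(1)
    s = SET_FORM.match(body)
    # The set form splits on blanks; the bare form also splits on ':'.
    tokens = (re.split(r"(?<!\\)\s+", s.group(1)) if s
              else re.split(r"(?<!\\)[:\s]+", body))
    opts = []
    for tok in tokens:
        o = OPTION.match(tok)
        if o:
            opts.append((o.group(1), o.group(2)))
    return opts


def scan(text):
    """Return [(line_no, option, calls_libcall_or_system), ...] to review."""
    lines = text.splitlines()
    idx = sorted(set(range(min(MODELINES, len(lines)))) |
                 set(range(max(0, len(lines) - MODELINES), len(lines))))
    findings = []
    for i in idx:
        for name, value in parse_modeline(lines[i]):
            if name in EXPR_OPTIONS:
                risky = bool(value and RISKY_CALL.search(value))
                findings.append((i + 1, name, risky))
    return findings


# Constructed sample; line 1 is the modeline quoted in the message above.
SAMPLE = "\n".join([
    '/* vim:set foldmethod=expr foldexpr=confirm(libcall("/lib/libc.so.6","system","/bin/ls"),"ms_sux"): */',
    "int main(void) { return 0; }",
    "/* vim: ts=4:sw=4:et */",
])
```

`scan(SAMPLE)` reports line 1 only; the plain `ts`/`sw`/`et` modeline on line 3 is parsed but not flagged.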