Loading ...
Sorry, an error occurred while loading the content.

RE: rvim "paranoid" mode? New feature

Expand Messages
  • Collins, Kevin (MindWorks)
    FYI, I was able to fix the various :arg commands pretty quickly... Can anyone else think of other ways to subvert this security? It would be really nice to
    Message 1 of 34 , Mar 1, 2005
    • 0 Attachment
      FYI, I was able to fix the various ":arg" commands pretty quickly...

      Can anyone else think of other ways to subvert this security? It would
      be really nice to have an rvim that really only allows the user to
      operate on the file(s) passed on the command line.

      Kevin

      -----Original Message-----
      From: A. J. Mechelynck [mailto:antoine.mechelynck@...]
      Sent: Tuesday, March 01, 2005 2:27 PM
      To: Collins, Kevin (MindWorks)
      Cc: Bram@...; vim-dev@...
      Subject: Re: rvim "paranoid" mode? New feature


      Collins, Kevin (MindWorks) wrote:
      > The help still works fine. I am pretty certain its impossible to
      > edit/squash another file, but I am not a vim expert :)
      >
      > Besides :e, :w, :!, :r! and :redir what other methods are available to
      > edit (or otherwise stomp on) another file or start a subshell? I read
      a
      > lot of the docs and couldn't find any. [...]

      :saveas {filename}
      :args {filename} ...
      :new {filename}
      :split {filename}

      I'm not sure I got them all.

      Best regards,
      Tony.
    • Collins, Kevin (MindWorks)
      Ok, after further prompting from Tony, I re-worked these changes into the latest patched revision of vim (6.3.062) and I m once again asking for folks to see
      Message 34 of 34 , Mar 7, 2005
      • 0 Attachment
        Ok, after further prompting from Tony, I re-worked these changes into
        the latest patched revision of vim (6.3.062) and I'm once again asking
        for folks to see if they can subvert rvim.

        Thanks,

        Kevin

        -----Original Message-----
        From: Collins, Kevin (MindWorks)
        Sent: Thursday, March 03, 2005 4:03 PM
        To: vim-dev@...
        Cc: Bram@...
        Subject: RE: rvim "paranoid" mode? New feature


        Hi again,

        I've applied all of my code changes against the vim63 source. If
        anyone feels like testing this more hardened version of rvim for
        exploitation, I would be happy to hear feedback - especially if you
        manage to subvert it and access another file directly or indirectly.

        These diffs can be applied to the original source like this:

        patch ex_cmds.c ex_cmds.c.diff

        Thanks,

        Kevin

        -----Original Message-----
        From: Collins, Kevin (MindWorks)
        Sent: Wednesday, March 02, 2005 8:40 AM
        To: Bram@...
        Cc: vim-dev@...
        Subject: RE: rvim "paranoid" mode? New feature


        Thanks, Bram. As I've mentioned indirectly, I am not a C programmer -
        I'm a sysadmin with a lot of advanced shell, perl, php, etc (you name
        it) scripting experience, and vim has a lot of source :)

        As evidenced by some of the replies I have received on this list, there
        are a few more things I've missed ('{A-Z0-9}, :arg*, etc).

        However, I did just mention in a previous post that I should probably be
        looking for the "generic" file open (and write) functions, as opposed to
        trying to fix every subroutine :)

        I did incorporate my changes into 6.3 last night and things are still
        working there, but I'll spend more time looking at the fuctions you
        mentioned, although it may be beyond my skill level to do this
        correctly.

        Thanks,

        Kevin

        -----Original Message-----
        From: Bram@... [mailto:Bram@...]
        Sent: Wednesday, March 02, 2005 3:19 AM
        To: Collins, Kevin (MindWorks)
        Cc: vim-dev@...
        Subject: RE: rvim "paranoid" mode? New feature



        Kevin Collins wrote:

        > The help still works fine. I am pretty certain its impossible to
        > edit/squash another file, but I am not a vim expert :)
        >
        > Besides :e, :w, :!, :r! and :redir what other methods are available to
        > edit (or otherwise stomp on) another file or start a subshell? I read
        a
        > lot of the docs and couldn't find any.

        You don't sound very sure that there can't be another way. Instead of
        looking in the docs, perhaps you should check the source code where
        readfile() and buf_write() are used (indirectly).

        > I can send the 2 source files I modified or diff output or something
        > else if you'd care to look. The changes are relatively minor. One
        issue
        > that my code doesn't handle correctly (but I'm sure you could fix
        > easily) is that if you do:
        >
        > rvim myfile
        >
        > you can do :w or :w! but can't do :w myfile - in other words, my hack
        > disallows any filename argument to :w... Don't know why you would
        really
        > want to do it, but it should be allowed.

        I would say that this would be intentional. This mode is to edit one
        file, thus you don't need to specify a file name. You certainly don't
        want to write elsewhere.

        I suppose you do allow copy/paste?

        --
        We're knights of the Round Table
        Our shows are formidable
        But many times
        We're given rhymes
        That are quite unsingable
        We're opera mad in Camelot
        We sing from the diaphragm a lot.
        "Monty Python and the Holy Grail" PYTHON (MONTY)
        PICTURES LTD

        /// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net
        \\\
        /// Sponsor Vim, vote for features -- http://www.Vim.org/sponsor/
        \\\
        \\\ Project leader for A-A-P -- http://www.A-A-P.org
        ///
        \\\ Buy LOTR 3 and help AIDS victims -- http://ICCF.nl/lotr.html
        ///
      Your message has been successfully submitted and would be delivered to recipients shortly.