Loading ...
Sorry, an error occurred while loading the content.

Re: rvim "paranoid" mode? New feature

Expand Messages
  • Marian Csontos
    ... and :badd and :split and i suppose much more -- Mgr. Marián Csontos programátor POS AXA, a.s. Radnièné námestie 4 821 05 Bratislava tel. +421 2 4829
    Message 1 of 34 , Mar 2, 2005
    • 0 Attachment
      >> Can anyone else think of other ways to subvert this security? It would
      >> be really nice to have an rvim that really only allows the user to
      >> operate on the file(s) passed on the command line.
      >
      > Have you considered file marks: 'A to 'Z, '0 to '9 and their backquote
      > counterparts? (Or have you disabled viminfo completely?)
      >
      and :badd and :split and i suppose much more

      --
      Mgr. Marián Csontos
      programátor POS
      AXA, a.s.
      Radničné námestie 4
      821 05 Bratislava
      tel. +421 2 4829 4218
      mailto:csontos@...
      www.axa.sk



      ________ Information from NOD32 ________
      This message was checked by NOD32 Antivirus System for Linux Mail Server.
      http://www.nod32.com
    • Collins, Kevin (MindWorks)
      Ok, after further prompting from Tony, I re-worked these changes into the latest patched revision of vim (6.3.062) and I m once again asking for folks to see
      Message 34 of 34 , Mar 7, 2005
      • 0 Attachment
        Ok, after further prompting from Tony, I re-worked these changes into
        the latest patched revision of vim (6.3.062) and I'm once again asking
        for folks to see if they can subvert rvim.

        Thanks,

        Kevin

        -----Original Message-----
        From: Collins, Kevin (MindWorks)
        Sent: Thursday, March 03, 2005 4:03 PM
        To: vim-dev@...
        Cc: Bram@...
        Subject: RE: rvim "paranoid" mode? New feature


        Hi again,

        I've applied all of my code changes against the vim63 source. If
        anyone feels like testing this more hardened version of rvim for
        exploitation, I would be happy to hear feedback - especially if you
        manage to subvert it and access another file directly or indirectly.

        These diffs can be applied to the original source like this:

        patch ex_cmds.c ex_cmds.c.diff

        Thanks,

        Kevin

        -----Original Message-----
        From: Collins, Kevin (MindWorks)
        Sent: Wednesday, March 02, 2005 8:40 AM
        To: Bram@...
        Cc: vim-dev@...
        Subject: RE: rvim "paranoid" mode? New feature


        Thanks, Bram. As I've mentioned indirectly, I am not a C programmer -
        I'm a sysadmin with a lot of advanced shell, perl, php, etc (you name
        it) scripting experience, and vim has a lot of source :)

        As evidenced by some of the replies I have received on this list, there
        are a few more things I've missed ('{A-Z0-9}, :arg*, etc).

        However, I did just mention in a previous post that I should probably be
        looking for the "generic" file open (and write) functions, as opposed to
        trying to fix every subroutine :)

        I did incorporate my changes into 6.3 last night and things are still
        working there, but I'll spend more time looking at the fuctions you
        mentioned, although it may be beyond my skill level to do this
        correctly.

        Thanks,

        Kevin

        -----Original Message-----
        From: Bram@... [mailto:Bram@...]
        Sent: Wednesday, March 02, 2005 3:19 AM
        To: Collins, Kevin (MindWorks)
        Cc: vim-dev@...
        Subject: RE: rvim "paranoid" mode? New feature



        Kevin Collins wrote:

        > The help still works fine. I am pretty certain its impossible to
        > edit/squash another file, but I am not a vim expert :)
        >
        > Besides :e, :w, :!, :r! and :redir what other methods are available to
        > edit (or otherwise stomp on) another file or start a subshell? I read
        a
        > lot of the docs and couldn't find any.

        You don't sound very sure that there can't be another way. Instead of
        looking in the docs, perhaps you should check the source code where
        readfile() and buf_write() are used (indirectly).

        > I can send the 2 source files I modified or diff output or something
        > else if you'd care to look. The changes are relatively minor. One
        issue
        > that my code doesn't handle correctly (but I'm sure you could fix
        > easily) is that if you do:
        >
        > rvim myfile
        >
        > you can do :w or :w! but can't do :w myfile - in other words, my hack
        > disallows any filename argument to :w... Don't know why you would
        really
        > want to do it, but it should be allowed.

        I would say that this would be intentional. This mode is to edit one
        file, thus you don't need to specify a file name. You certainly don't
        want to write elsewhere.

        I suppose you do allow copy/paste?

        --
        We're knights of the Round Table
        Our shows are formidable
        But many times
        We're given rhymes
        That are quite unsingable
        We're opera mad in Camelot
        We sing from the diaphragm a lot.
        "Monty Python and the Holy Grail" PYTHON (MONTY)
        PICTURES LTD

        /// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net
        \\\
        /// Sponsor Vim, vote for features -- http://www.Vim.org/sponsor/
        \\\
        \\\ Project leader for A-A-P -- http://www.A-A-P.org
        ///
        \\\ Buy LOTR 3 and help AIDS victims -- http://ICCF.nl/lotr.html
        ///
      Your message has been successfully submitted and would be delivered to recipients shortly.