
RE: rvim "paranoid" mode? New feature

  • Collins, Kevin (MindWorks)
    Message 1 of 34 , Mar 7, 2005
      Ok, after further prompting from Tony, I re-worked these changes into
      the latest patched revision of vim (6.3.062) and I'm once again asking
      for folks to see if they can subvert rvim.

      Thanks,

      Kevin

      -----Original Message-----
      From: Collins, Kevin (MindWorks)
      Sent: Thursday, March 03, 2005 4:03 PM
      To: vim-dev@...
      Cc: Bram@...
      Subject: RE: rvim "paranoid" mode? New feature


      Hi again,

      I've applied all of my code changes against the vim63 source. If
      anyone feels like testing this more hardened version of rvim for
      exploitation, I would be happy to hear feedback - especially if you
      manage to subvert it and access another file directly or indirectly.

      These diffs can be applied to the original source like this:

      patch ex_cmds.c ex_cmds.c.diff

      Thanks,

      Kevin

      -----Original Message-----
      From: Collins, Kevin (MindWorks)
      Sent: Wednesday, March 02, 2005 8:40 AM
      To: Bram@...
      Cc: vim-dev@...
      Subject: RE: rvim "paranoid" mode? New feature


      Thanks, Bram. As I've mentioned indirectly, I am not a C programmer -
      I'm a sysadmin with a lot of advanced shell, perl, php, etc (you name
      it) scripting experience, and vim has a lot of source :)

      As evidenced by some of the replies I have received on this list, there
      are a few more things I've missed ('{A-Z0-9}, :arg*, etc).

      However, I did just mention in a previous post that I should probably be
      looking for the "generic" file open (and write) functions, as opposed to
      trying to fix every subroutine :)

      I did incorporate my changes into 6.3 last night and things are still
      working there, but I'll spend more time looking at the functions you
      mentioned, although it may be beyond my skill level to do this
      correctly.

      Thanks,

      Kevin

      -----Original Message-----
      From: Bram@... [mailto:Bram@...]
      Sent: Wednesday, March 02, 2005 3:19 AM
      To: Collins, Kevin (MindWorks)
      Cc: vim-dev@...
      Subject: RE: rvim "paranoid" mode? New feature



      Kevin Collins wrote:

      > The help still works fine. I am pretty certain it's impossible to
      > edit/squash another file, but I am not a vim expert :)
      >
      > Besides :e, :w, :!, :r! and :redir what other methods are available to
      > edit (or otherwise stomp on) another file or start a subshell? I read a
      > lot of the docs and couldn't find any.

      You don't sound very sure that there can't be another way. Instead of
      looking in the docs, perhaps you should check the source code where
      readfile() and buf_write() are used (indirectly).

      > I can send the 2 source files I modified or diff output or something
      > else if you'd care to look. The changes are relatively minor. One issue
      > that my code doesn't handle correctly (but I'm sure you could fix
      > easily) is that if you do:
      >
      > rvim myfile
      >
      > you can do :w or :w! but can't do :w myfile - in other words, my hack
      > disallows any filename argument to :w... Don't know why you would really
      > want to do it, but it should be allowed.

      I would say that this would be intentional. This mode is to edit one
      file, thus you don't need to specify a file name. You certainly don't
      want to write elsewhere.

      I suppose you do allow copy/paste?

      --
      We're knights of the Round Table
      Our shows are formidable
      But many times
      We're given rhymes
      That are quite unsingable
      We're opera mad in Camelot
      We sing from the diaphragm a lot.
      "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD

      /// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net \\\
      /// Sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
      \\\ Project leader for A-A-P -- http://www.A-A-P.org ///
      \\\ Buy LOTR 3 and help AIDS victims -- http://ICCF.nl/lotr.html ///
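
The thread contrasts blocking individual commands (:e, :w, :!, :r!, :redir) with enforcing the restriction where files are actually opened, which is what the pointer to readfile() and buf_write() suggests. The following is an added example, not part of the original messages and not Vim source: a minimal sketch of such a chokepoint, with the hypothetical names `paranoid_init` and `guarded_open`, that pins the one permitted file by device and inode so that no command path, alias or symlink can reach a different file.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical names; not Vim source. Identity of the one permitted file. */
static struct stat allowed;
static int allowed_set;

/* Pin the permitted file by device and inode rather than by name. */
int paranoid_init(const char *path)
{
    if (stat(path, &allowed) != 0 || !S_ISREG(allowed.st_mode))
        return -1;
    allowed_set = 1;
    return 0;
}

/* The single chokepoint: every read and write path opens files through here. */
int guarded_open(const char *path, int flags)
{
    struct stat st;
    int fd;
    if (!allowed_set)
        return -1;
    /* Never create or truncate before the identity check has passed. */
    fd = open(path, flags & ~(O_CREAT | O_TRUNC));
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || st.st_dev != allowed.st_dev ||
        st.st_ino != allowed.st_ino ||
        ((flags & O_TRUNC) && ftruncate(fd, 0) != 0)) {
        close(fd);   /* a different file, or truncation failed: refuse */
        return -1;
    }
    return fd;
}

int main(void)
{
    char a[] = "/tmp/rvimA_XXXXXX", b[] = "/tmp/rvimB_XXXXXX"; /* constructed */
    close(mkstemp(a));
    close(mkstemp(b));
    paranoid_init(a);
    printf("allowed: %d\n", guarded_open(a, O_RDWR) >= 0);
    printf("other:   %d\n", guarded_open(b, O_WRONLY | O_TRUNC) >= 0);
    unlink(a); unlink(b);
    return 0;
}
```

Because the check runs on the already-open descriptor, the file that was verified is the file that gets used, and a refused path is never created or truncated as a side effect of the check.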