Re: feedkeys() allowed in sandbox
- On Fri, 4 May 2007 14:20:22 +1000
"John Beckett" <winterwaffle@...> wrote:
> I mentioned that the first step for point 4 should (IMHO) be
> rejecting any modeline beyond some fairly small maximum size.

Most previous exploits have been exploitable with far below the line
length that is reasonably used by sensible people.

> What I'd really like would be a separate sanity check that
> verifies that the syntax in the modeline is boringly standard
> 'set' options for a declared whitelist of things that a modeline
> is allowed to do.

http://www.vim.org/scripts/script.php?script_id=1876

> For example, 100 bytes of malware might be able to erase my
> files, but perhaps it couldn't do something more sophisticated
> like launching a hidden infiltration of my network.

100 bytes is more than enough room to download and execute a file that
contains the real malicious code.
- Ciaran McCreesh wrote:
> 100 bytes is more than enough room to download and execute
> a file that contains the real malicious code.

I actually agree that it is extremely unlikely that a length
check would make modelines more secure, but I'm being
argumentative because it's irritating to be authoritatively
assured that a length check would have no benefit in the future.
We just don't know whether some future vulnerability (perhaps
using a currently-unknown new feature) might be avoided with a
modeline length check.
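
An added sketch, not part of any post in this thread and not the code behind the linked script, of the two checks discussed above: a length cap and a whitelist of "boringly standard" 'set' options. The cap `MAX_LEN`, the `ALLOWED` set, and the simplified modeline grammar are assumptions made for illustration.

```python
import re

MAX_LEN = 100  # assumed cap in characters, borrowing the "100 bytes" figure
ALLOWED = {    # assumed whitelist: plain formatting options only
    "tabstop", "ts", "shiftwidth", "sw", "softtabstop", "sts",
    "expandtab", "et", "noexpandtab", "noet", "textwidth", "tw",
    "filetype", "ft",
}
# Marker "vi:", "vim:" or "ex:" at line start or after whitespace.
MARKER = re.compile(r"(?:^|\s)(?:vi|vim|ex):\s*(.*)$")
# "Boringly standard" option: bare name, or name=value with a plain value.
OPTION = re.compile(r"^([a-z]+)(?:=([A-Za-z0-9_.-]+))?$")

def check_modeline(line):
    """Return (ok, reason); ok is False for anything outside the whitelist."""
    m = MARKER.search(line)
    if not m:
        return True, "no modeline"
    if len(line) > MAX_LEN:
        return False, "modeline too long"
    body = m.group(1)
    set_form = re.match(r"set?\s+(.*)$", body)
    if set_form:
        # "set" form: options run up to the first ':'.
        tokens = set_form.group(1).split(":", 1)[0].split()
    else:
        # Short form: options separated by whitespace or ':'.
        tokens = [t for t in re.split(r"[\s:]+", body) if t]
    if not tokens:
        return False, "empty modeline"
    for tok in tokens:
        opt = OPTION.match(tok)
        if not opt:
            # Expressions, quotes, parentheses and the like land here.
            return False, f"non-standard syntax: {tok!r}"
        if opt.group(1) not in ALLOWED:
            return False, f"option not whitelisted: {opt.group(1)}"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample lines, not taken from the thread.
    for sample in ("# vim: set ts=4 sw=4 et:",
                   "# vim: set ts=4 foldexpr=SomeFunc():",
                   "# vim: set modelines=5:"):
        print(sample, "->", check_modeline(sample))
```

In this sketch the whitelist and syntax checks do the rejecting for short lines; the length cap only matters for lines that would otherwise pass or that exceed the cap before parsing.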