To: vim_dev@googlegroups.com Subject: Patch 7.4.1777 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 7.4.1777 Problem: Newly added features can escape the sandbox. Solution: Add checks for restricted and secure. (Yasuhiro Matsumoto) Files: src/eval.c *** ../vim-7.4.1776/src/eval.c 2016-04-22 10:00:31.888192784 +0200 --- src/eval.c 2016-04-22 20:39:16.676839294 +0200 *************** *** 10408,10413 **** --- 10408,10415 ---- f_ch_open(typval_T *argvars, typval_T *rettv) { rettv->v_type = VAR_CHANNEL; + if (check_restricted() || check_secure()) + return; rettv->vval.v_channel = channel_open_func(argvars); } *************** *** 15078,15083 **** --- 15080,15087 ---- f_job_start(typval_T *argvars, typval_T *rettv) { rettv->v_type = VAR_JOB; + if (check_restricted() || check_secure()) + return; rettv->vval.v_job = job_start(argvars); } *************** *** 16821,16828 **** #endif #ifdef FEAT_CLIENTSERVER - static void remote_common(typval_T *argvars, typval_T *rettv, int expr); - static void remote_common(typval_T *argvars, typval_T *rettv, int expr) { --- 16825,16830 ---- *************** *** 20683,20688 **** --- 20685,20692 ---- char_u *callback; dict_T *dict; + if (check_secure()) + return; if (argvars[2].v_type != VAR_UNKNOWN) { if (argvars[2].v_type != VAR_DICT *** ../vim-7.4.1776/src/version.c 2016-04-22 20:20:13.004866307 +0200 --- src/version.c 2016-04-22 20:36:44.914435404 +0200 *************** *** 755,756 **** --- 755,758 ---- { /* Add new patch number below this line */ + /**/ + 1777, /**/ -- ARTHUR: Bloody peasant! DENNIS: Oh, what a give away. Did you hear that, did you hear that, eh? That's what I'm on about -- did you see him repressing me, you saw it didn't you? 
The Quest for the Holy Grail (Monty Python) /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
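Review bot: in f_ch_open() the new early return comes after rettv->v_type = VAR_CHANNEL but before rettv->vval.v_channel is assigned, so in restricted or sandbox mode the function hands back a channel-typed value whose pointer this function never set. Whether the caller zeroes rettv beforehand is not visible in the hunk; setting rettv->vval.v_channel = NULL ahead of the check would make the refused case return a defined null channel regardless.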
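Review bot: f_job_start() returns from the new check with v_type already set to VAR_JOB and vval.v_job left unassigned; an explicit rettv->vval.v_job = NULL before the check would close that. The Files line lists only src/eval.c, so nothing in this patch exercises the new behaviour: a test that calls job_start() and ch_open() under :sandbox and asserts that no job or channel is created would keep these checks from regressing.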
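Review bot: the removal of the duplicate remote_common() forward declaration under FEAT_CLIENTSERVER is a cleanup that has nothing to do with the stated problem (features escaping the sandbox). Mention it in the Solution line or split it into its own patch, so that anyone backporting the security fix can see it is not part of the check.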
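Review bot: the hunk at line 20683 (the function with the callback and dict locals that reads an optional dict from argvars[2]) guards with check_secure() alone, while f_ch_open() and f_job_start() in the same patch use check_restricted() || check_secure(). If restricted mode is meant to allow this function, a short comment next to the check saying so would stop the asymmetry from reading as an oversight; otherwise use the same combined condition here.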