Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
vim.15233
restrict-shell-commands.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File restrict-shell-commands.patch of Package vim.15233
Index: vim74/src/eval.c =================================================================== --- vim74.orig/src/eval.c +++ vim74/src/eval.c @@ -14017,6 +14017,9 @@ f_luaeval(argvars, rettv) char_u *str; char_u buf[NUMBUFLEN]; + if (check_restricted() || check_secure()) + return; + str = get_tv_string_buf(&argvars[0], buf); do_luaeval(str, argvars + 1, rettv); } @@ -14628,6 +14631,9 @@ f_mzeval(argvars, rettv) char_u *str; char_u buf[NUMBUFLEN]; + if (check_restricted() || check_secure()) + return; + str = get_tv_string_buf(&argvars[0], buf); do_mzeval(str, rettv); } @@ -14848,6 +14854,9 @@ f_py3eval(argvars, rettv) char_u *str; char_u buf[NUMBUFLEN]; + if (check_restricted() || check_secure()) + return; + str = get_tv_string_buf(&argvars[0], buf); do_py3eval(str, rettv); } @@ -14865,6 +14874,9 @@ f_pyeval(argvars, rettv) char_u *str; char_u buf[NUMBUFLEN]; + if (check_restricted() || check_secure()) + return; + str = get_tv_string_buf(&argvars[0], buf); do_pyeval(str, rettv); } Index: vim74/src/ex_docmd.c =================================================================== --- vim74.orig/src/ex_docmd.c +++ vim74/src/ex_docmd.c @@ -2224,6 +2224,12 @@ do_one_cmd(cmdlinep, sourcing, goto doend; } #endif + if (restricted != 0 && (ea.argt & EX_RESTRICT)) + { + errormsg = _("E981: Command not allowed in rvim"); + goto doend; + } + if (!curbuf->b_p_ma && (ea.argt & MODIFY)) { /* Command not allowed in non-'modifiable' buffer */ Index: vim74/src/ex_cmds.h =================================================================== --- vim74.orig/src/ex_cmds.h +++ vim74/src/ex_cmds.h @@ -54,6 +54,7 @@ #define CMDWIN 0x100000L /* allowed in cmdline window */ #define MODIFY 0x200000L /* forbidden in non-'modifiable' buffer */ #define EXFLAGS 0x400000L /* allow flags after count in argument */ +#define EX_RESTRICT 0x800000L // forbidden in restricted mode #define FILES (XFILE | EXTRA) /* multiple extra files allowed */ #define WORD1 (EXTRA | NOSPC) /* one extra word allowed */ #define FILE1 (FILES | NOSPC) /* 1 file allowed, defaults to current file */ @@ -576,11 +577,11 @@ EX(CMD_ltag, "ltag", ex_tag, EX(CMD_lunmap, "lunmap", ex_unmap, EXTRA|TRLBAR|NOTRLCOM|USECTRLV|CMDWIN), EX(CMD_lua, "lua", ex_lua, - RANGE|EXTRA|NEEDARG|CMDWIN), + RANGE|EXTRA|NEEDARG|CMDWIN|EX_RESTRICT), EX(CMD_luado, "luado", ex_luado, - RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN), + RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN|EX_RESTRICT), EX(CMD_luafile, "luafile", ex_luafile, - RANGE|FILE1|NEEDARG|CMDWIN), + RANGE|FILE1|NEEDARG|CMDWIN|EX_RESTRICT), EX(CMD_lvimgrep, "lvimgrep", ex_vimgrep, RANGE|NOTADR|BANG|NEEDARG|EXTRA|NOTRLCOM|TRLBAR|XFILE), EX(CMD_lvimgrepadd, "lvimgrepadd", ex_vimgrep, @@ -622,9 +623,9 @@ EX(CMD_mkview, "mkview", ex_mkrc, EX(CMD_mode, "mode", ex_mode, WORD1|TRLBAR|CMDWIN), EX(CMD_mzscheme, "mzscheme", ex_mzscheme, - RANGE|EXTRA|DFLALL|NEEDARG|CMDWIN|SBOXOK), + RANGE|EXTRA|DFLALL|NEEDARG|CMDWIN|SBOXOK|EX_RESTRICT), EX(CMD_mzfile, "mzfile", ex_mzfile, - RANGE|FILE1|NEEDARG|CMDWIN), + RANGE|FILE1|NEEDARG|CMDWIN|EX_RESTRICT), EX(CMD_next, "next", ex_next, RANGE|NOTADR|BANG|FILES|EDITCMD|ARGOPT|TRLBAR), EX(CMD_nbkey, "nbkey", ex_nbkey, @@ -742,19 +743,19 @@ EX(CMD_put, "put", ex_put, EX(CMD_pwd, "pwd", ex_pwd, TRLBAR|CMDWIN), EX(CMD_python, "python", ex_python, - RANGE|EXTRA|NEEDARG|CMDWIN), + RANGE|EXTRA|NEEDARG|CMDWIN|EX_RESTRICT), EX(CMD_pydo, "pydo", ex_pydo, - RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN), + RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN|EX_RESTRICT), EX(CMD_pyfile, "pyfile", ex_pyfile, - RANGE|FILE1|NEEDARG|CMDWIN), + RANGE|FILE1|NEEDARG|CMDWIN|EX_RESTRICT), EX(CMD_py3, "py3", ex_py3, - RANGE|EXTRA|NEEDARG|CMDWIN), + RANGE|EXTRA|NEEDARG|CMDWIN|EX_RESTRICT), EX(CMD_py3do, "py3do", ex_py3do, - RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN), + RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN|EX_RESTRICT), EX(CMD_python3, "python3", ex_py3, - RANGE|EXTRA|NEEDARG|CMDWIN), + RANGE|EXTRA|NEEDARG|CMDWIN|EX_RESTRICT), EX(CMD_py3file, "py3file", ex_py3file, - RANGE|FILE1|NEEDARG|CMDWIN), + RANGE|FILE1|NEEDARG|CMDWIN|EX_RESTRICT), EX(CMD_quit, "quit", ex_quit, BANG|TRLBAR|CMDWIN), EX(CMD_quitall, "quitall", ex_quit_all, @@ -790,11 +791,11 @@ EX(CMD_rightbelow, "rightbelow", ex_wron EX(CMD_runtime, "runtime", ex_runtime, BANG|NEEDARG|FILES|TRLBAR|SBOXOK|CMDWIN), EX(CMD_ruby, "ruby", ex_ruby, - RANGE|EXTRA|NEEDARG|CMDWIN), + RANGE|EXTRA|NEEDARG|CMDWIN|EX_RESTRICT), EX(CMD_rubydo, "rubydo", ex_rubydo, - RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN), + RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN|EX_RESTRICT), EX(CMD_rubyfile, "rubyfile", ex_rubyfile, - RANGE|FILE1|NEEDARG|CMDWIN), + RANGE|FILE1|NEEDARG|CMDWIN|EX_RESTRICT), EX(CMD_rundo, "rundo", ex_rundo, NEEDARG|FILE1), EX(CMD_rviminfo, "rviminfo", ex_viminfo, @@ -972,11 +973,11 @@ EX(CMD_tabrewind, "tabrewind", ex_tabnex EX(CMD_tabs, "tabs", ex_tabs, TRLBAR|CMDWIN), EX(CMD_tcl, "tcl", ex_tcl, - RANGE|EXTRA|NEEDARG|CMDWIN), + RANGE|EXTRA|NEEDARG|CMDWIN|EX_RESTRICT), EX(CMD_tcldo, "tcldo", ex_tcldo, - RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN), + RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN|EX_RESTRICT), EX(CMD_tclfile, "tclfile", ex_tclfile, - RANGE|FILE1|NEEDARG|CMDWIN), + RANGE|FILE1|NEEDARG|CMDWIN|EX_RESTRICT), EX(CMD_tearoff, "tearoff", ex_tearoff, NEEDARG|EXTRA|TRLBAR|NOTRLCOM|CMDWIN), EX(CMD_tfirst, "tfirst", ex_tag, Index: vim74/src/if_perl.xs =================================================================== --- vim74.orig/src/if_perl.xs +++ vim74/src/if_perl.xs @@ -816,6 +816,7 @@ VIM_init() #ifdef DYNAMIC_PERL static char *e_noperl = N_("Sorry, this command is disabled: the Perl library could not be loaded."); #endif +static char *e_perlsandbox = N_("E299: Perl evaluation forbidden in sandbox without the Safe module"); /* * ":perl" @@ -865,13 +866,12 @@ ex_perl(eap) vim_free(script); } -#ifdef HAVE_SANDBOX - if (sandbox) + if (sandbox || secure) { safe = perl_get_sv("VIM::safe", FALSE); # ifndef MAKE_TEST /* avoid a warning for unreachable code */ if (safe == NULL || !SvTRUE(safe)) - EMSG(_("E299: Perl evaluation forbidden in sandbox without the Safe module")); + EMSG(_(e_perlsandbox)); else # endif { @@ -883,7 +883,7 @@ ex_perl(eap) } } else -#endif + perl_eval_sv(sv, G_DISCARD | G_NOARGS); SvREFCNT_dec(sv);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor