Commit: patch 9.2.0341: some functions can be run from the sandbox
4 views
Skip to first unread message
Christian Brabandt
Apr 14, 2026, 12:15:16 PMApr 14
to vim...@googlegroups.com
patch 9.2.0341: some functions can be run from the sandbox
Commit: https://github.com/vim/vim/commit/fcc4276db31bc35239186e62921b4ff5a15fb18e
Author: q1uf3ng <q1u...@protone.me>
Date: Tue Apr 14 15:58:40 2026 +0000
patch 9.2.0341: some functions can be run from the sandbox
Problem: some functions can be run from the sandbox
Solution: Block them, so they are not accessible from a modeline
(q1uf3ng)
closes: #19975
Co-authored-by: zeertzjq <zeer...@outlook.com>
Signed-off-by: q1uf3ng <q1u...@protone.me>
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/evalfunc.c b/src/evalfunc.c
index f61135f77..a0fb99b73 100644
--- a/src/evalfunc.c
+++ b/src/evalfunc.c
@@ -4391,6 +4391,9 @@ f_echoraw(typval_T *argvars, typval_T *rettv UNUSED)
{
char_u *str;
+ if (check_secure())
+ return;
+
if (in_vim9script() && check_for_string_arg(argvars, 0) == FAIL)
return;
diff --git a/src/ex_cmds.h b/src/ex_cmds.h
index 7613d18aa..162156973 100644
--- a/src/ex_cmds.h
+++ b/src/ex_cmds.h
@@ -552,7 +552,7 @@ EXCMD(CMD_echomsg, "echomsg", ex_execute,
EX_EXTRA|EX_NOTRLCOM|EX_EXPR_ARG|EX_SBOXOK|EX_CMDWIN|EX_LOCK_OK,
ADDR_NONE),
EXCMD(CMD_echoconsole, "echoconsole", ex_execute,
- EX_EXTRA|EX_NOTRLCOM|EX_EXPR_ARG|EX_SBOXOK|EX_CMDWIN|EX_LOCK_OK,
+ EX_EXTRA|EX_NOTRLCOM|EX_EXPR_ARG|EX_CMDWIN|EX_LOCK_OK,
ADDR_NONE),
EXCMD(CMD_echon, "echon", ex_echo,
EX_EXTRA|EX_NOTRLCOM|EX_EXPR_ARG|EX_SBOXOK|EX_CMDWIN|EX_LOCK_OK,
diff --git a/src/filepath.c b/src/filepath.c
index 721dbc05d..492e0ad3a 100644
--- a/src/filepath.c
+++ b/src/filepath.c
@@ -823,6 +823,9 @@ f_chdir(typval_T *argvars, typval_T *rettv)
rettv->v_type = VAR_STRING;
rettv->vval.v_string = NULL;
+ if (check_secure())
+ return;
+
if (argvars[0].v_type != VAR_STRING)
{
// Returning an empty string means it failed.
@@ -1727,6 +1730,8 @@ f_readdir(typval_T *argvars, typval_T *rettv)
if (rettv_list_alloc(rettv) == FAIL)
return;
+ if (check_secure())
+ return;
if (in_vim9script()
&& (check_for_string_arg(argvars, 0) == FAIL
@@ -1780,6 +1785,8 @@ f_readdirex(typval_T *argvars, typval_T *rettv)
if (rettv_list_alloc(rettv) == FAIL)
return;
+ if (check_secure())
+ return;
if (in_vim9script()
&& (check_for_string_arg(argvars, 0) == FAIL
@@ -2051,6 +2058,9 @@ read_file_or_blob(typval_T *argvars, typval_T *rettv, int always_blob)
void
f_readblob(typval_T *argvars, typval_T *rettv)
{
+ if (check_secure())
+ return;
+
if (in_vim9script()
&& (check_for_string_arg(argvars, 0) == FAIL
|| check_for_opt_number_arg(argvars, 1) == FAIL
@@ -2067,6 +2077,9 @@ f_readblob(typval_T *argvars, typval_T *rettv)
void
f_readfile(typval_T *argvars, typval_T *rettv)
{
+ if (check_secure())
+ return;
+
if (in_vim9script()
&& (check_for_nonempty_string_arg(argvars, 0) == FAIL
|| check_for_opt_string_arg(argvars, 1) == FAIL
diff --git a/src/testdir/test_excmd.vim b/src/testdir/test_excmd.vim
index c671adfe9..cc877ce8b 100644
--- a/src/testdir/test_excmd.vim
+++ b/src/testdir/test_excmd.vim
@@ -673,6 +673,13 @@ func Sandbox_tests()
if has('unix')
call assert_fails('cd `pwd`', 'E48:')
endif
+ call assert_fails("call echoraw('test')", 'E48:')
+ call assert_fails("echoconsole 'test'", 'E48:')
+ call assert_fails("call readfile('Xsomefile')", 'E48:')
+ call assert_fails("call readblob('Xsomefile')", 'E48:')
+ call assert_fails("call readdir('.')", 'E48:')
+ call assert_fails("call readdirex('.')", 'E48:')
+ call assert_fails("call chdir('.')", 'E48:')
" some options cannot be changed in a sandbox
call assert_fails('set exrc', 'E48:')
call assert_fails('set cdpath', 'E48:')
diff --git a/src/version.c b/src/version.c
index 560233faf..ff43fbef0 100644
--- a/src/version.c
+++ b/src/version.c
@@ -734,6 +734,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 341,
/**/
340,
/**/
Commit: https://github.com/vim/vim/commit/fcc4276db31bc35239186e62921b4ff5a15fb18e
Author: q1uf3ng <q1u...@protone.me>
Date: Tue Apr 14 15:58:40 2026 +0000
patch 9.2.0341: some functions can be run from the sandbox
Problem: some functions can be run from the sandbox
Solution: Block them, so they are not accessible from a modeline
(q1uf3ng)
closes: #19975
Co-authored-by: zeertzjq <zeer...@outlook.com>
Signed-off-by: q1uf3ng <q1u...@protone.me>
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/evalfunc.c b/src/evalfunc.c
index f61135f77..a0fb99b73 100644
--- a/src/evalfunc.c
+++ b/src/evalfunc.c
@@ -4391,6 +4391,9 @@ f_echoraw(typval_T *argvars, typval_T *rettv UNUSED)
{
char_u *str;
+ if (check_secure())
+ return;
+
if (in_vim9script() && check_for_string_arg(argvars, 0) == FAIL)
return;
diff --git a/src/ex_cmds.h b/src/ex_cmds.h
index 7613d18aa..162156973 100644
--- a/src/ex_cmds.h
+++ b/src/ex_cmds.h
@@ -552,7 +552,7 @@ EXCMD(CMD_echomsg, "echomsg", ex_execute,
EX_EXTRA|EX_NOTRLCOM|EX_EXPR_ARG|EX_SBOXOK|EX_CMDWIN|EX_LOCK_OK,
ADDR_NONE),
EXCMD(CMD_echoconsole, "echoconsole", ex_execute,
- EX_EXTRA|EX_NOTRLCOM|EX_EXPR_ARG|EX_SBOXOK|EX_CMDWIN|EX_LOCK_OK,
+ EX_EXTRA|EX_NOTRLCOM|EX_EXPR_ARG|EX_CMDWIN|EX_LOCK_OK,
ADDR_NONE),
EXCMD(CMD_echon, "echon", ex_echo,
EX_EXTRA|EX_NOTRLCOM|EX_EXPR_ARG|EX_SBOXOK|EX_CMDWIN|EX_LOCK_OK,
diff --git a/src/filepath.c b/src/filepath.c
index 721dbc05d..492e0ad3a 100644
--- a/src/filepath.c
+++ b/src/filepath.c
@@ -823,6 +823,9 @@ f_chdir(typval_T *argvars, typval_T *rettv)
rettv->v_type = VAR_STRING;
rettv->vval.v_string = NULL;
+ if (check_secure())
+ return;
+
if (argvars[0].v_type != VAR_STRING)
{
// Returning an empty string means it failed.
@@ -1727,6 +1730,8 @@ f_readdir(typval_T *argvars, typval_T *rettv)
if (rettv_list_alloc(rettv) == FAIL)
return;
+ if (check_secure())
+ return;
if (in_vim9script()
&& (check_for_string_arg(argvars, 0) == FAIL
@@ -1780,6 +1785,8 @@ f_readdirex(typval_T *argvars, typval_T *rettv)
if (rettv_list_alloc(rettv) == FAIL)
return;
+ if (check_secure())
+ return;
if (in_vim9script()
&& (check_for_string_arg(argvars, 0) == FAIL
@@ -2051,6 +2058,9 @@ read_file_or_blob(typval_T *argvars, typval_T *rettv, int always_blob)
void
f_readblob(typval_T *argvars, typval_T *rettv)
{
+ if (check_secure())
+ return;
+
if (in_vim9script()
&& (check_for_string_arg(argvars, 0) == FAIL
|| check_for_opt_number_arg(argvars, 1) == FAIL
@@ -2067,6 +2077,9 @@ f_readblob(typval_T *argvars, typval_T *rettv)
void
f_readfile(typval_T *argvars, typval_T *rettv)
{
+ if (check_secure())
+ return;
+
if (in_vim9script()
&& (check_for_nonempty_string_arg(argvars, 0) == FAIL
|| check_for_opt_string_arg(argvars, 1) == FAIL
diff --git a/src/testdir/test_excmd.vim b/src/testdir/test_excmd.vim
index c671adfe9..cc877ce8b 100644
--- a/src/testdir/test_excmd.vim
+++ b/src/testdir/test_excmd.vim
@@ -673,6 +673,13 @@ func Sandbox_tests()
if has('unix')
call assert_fails('cd `pwd`', 'E48:')
endif
+ call assert_fails("call echoraw('test')", 'E48:')
+ call assert_fails("echoconsole 'test'", 'E48:')
+ call assert_fails("call readfile('Xsomefile')", 'E48:')
+ call assert_fails("call readblob('Xsomefile')", 'E48:')
+ call assert_fails("call readdir('.')", 'E48:')
+ call assert_fails("call readdirex('.')", 'E48:')
+ call assert_fails("call chdir('.')", 'E48:')
" some options cannot be changed in a sandbox
call assert_fails('set exrc', 'E48:')
call assert_fails('set cdpath', 'E48:')
diff --git a/src/version.c b/src/version.c
index 560233faf..ff43fbef0 100644
--- a/src/version.c
+++ b/src/version.c
@@ -734,6 +734,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 341,
/**/
340,
/**/
Reply all
Reply to author
Forward
0 new messages