[vim/vim] Should P_SECURE be set to options in restricted mode? (Discussion #19698)

[pyllyukko]

To prevent potential restricted mode escapes.

E.g.:

diff --git a/src/option.c b/src/option.c
index 2228f90e3..6854dc05f 100644
--- a/src/option.c
+++ b/src/option.c
@@ -4919,7 +4919,7 @@ set_bool_option(
     char       *errmsg = NULL;
 
     // Disallow changing some options from secure mode
-    if ((secure
+    if ((secure || restricted
 #ifdef HAVE_SANDBOX
                || sandbox != 0
 #endif
@@ -5156,7 +5156,7 @@ set_num_option(
     long       *pp = (long *)varp;
 
     // Disallow changing some options from secure mode.
-    if ((secure
+    if ((secure || restricted
 #ifdef HAVE_SANDBOX
                || sandbox != 0
 #endif

—
Reply to this email directly, view it on GitHub.
You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/repo-discussions/19698@github.com>

[pyllyukko]

Example of an escape:

:call writefile(["#!/bin/bash", "id > /dev/shm/proof.txt"], "/dev/shm/evil_shell.sh")
:call setfperm("/dev/shm/evil_shell.sh", "rwxr-xr-x")
:set shell=/dev/shm/evil_shell.sh
:set shellcmdflag=-c
:let x = glob("/tmp/{a,b}*")

This was only the shell variable (the most obvious), but there are probably others as well.

—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/repo-discussions/19698/comments/16229955@github.com>

[Christian Brabandt]

I think this would make sense.

—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/repo-discussions/19698/comments/16232932@github.com>

[pyllyukko]

#19848

—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/repo-discussions/19698/comments/16347415@github.com>