Patch 8.2.4282

[Bram Moolenaar]

Patch 8.2.4282
Problem: Restricted mode requires the -Z command line option.
Solution: Use restricted mode when $SHELL ends in "nologin" or "false".
(closes #9681)
Files: runtime/doc/starting.txt, src/option.c,
src/testdir/test_restricted.vim


*** ../vim-8.2.4281/runtime/doc/starting.txt 2021-05-29 18:53:46.455055663 +0100
--- runtime/doc/starting.txt 2022-02-01 17:23:57.358435792 +0000
***************
*** 256,261 ****
--- 256,263 ----
Interfaces, such as Python, Ruby and Lua, are also disabled,
since they could be used to execute shell commands. Perl uses
the Safe module.
+ For Unix restricted mode is used when the last part of $SHELL
+ is "nologin" or "false".
Note that the user may still find a loophole to execute a
shell command, it has only been made difficult.

*** ../vim-8.2.4281/src/option.c 2022-01-31 14:59:33.518943700 +0000
--- src/option.c 2022-02-01 17:17:15.275300416 +0000
***************
*** 307,312 ****
--- 307,323 ----
*/
set_options_default(0);

+ #ifdef UNIX
+ // Force restricted-mode on for "nologin" or "false" $SHELL
+ p = get_isolated_shell_name();
+ if (p != NULL)
+ {
+ if (fnamecmp(p, "nologin") == 0 || fnamecmp(p, "false") == 0)
+ restricted = TRUE;
+ vim_free(p);
+ }
+ #endif
+
#ifdef CLEAN_RUNTIMEPATH
if (clean_arg)
{
*** ../vim-8.2.4281/src/testdir/test_restricted.vim 2020-03-30 18:36:42.851754324 +0100
--- src/testdir/test_restricted.vim 2022-02-01 17:22:29.774654429 +0000
***************
*** 105,110 ****
--- 105,118 ----
if RunVim([], [], '-Z --clean -S Xrestricted')
call assert_equal([], readfile('Xresult'))
endif
+ call delete('Xresult')
+ if has('unix') && RunVimPiped([], [], '--clean -S Xrestricted', 'SHELL=/bin/false ')
+ call assert_equal([], readfile('Xresult'))
+ endif
+ call delete('Xresult')
+ if has('unix') && RunVimPiped([], [], '--clean -S Xrestricted', 'SHELL=/sbin/nologin')
+ call assert_equal([], readfile('Xresult'))
+ endif

call delete('Xrestricted')
call delete('Xresult')
*** ../vim-8.2.4281/src/version.c 2022-02-01 13:54:11.651302024 +0000
--- src/version.c 2022-02-01 17:24:13.534396192 +0000
***************
*** 748,749 ****
--- 748,751 ----
{ /* Add new patch number below this line */
+ /**/
+ 4282,
/**/

--
Team-building exercises come in many forms but they all trace their roots back
to the prison system. In your typical team-building exercise the employees
are subjected to a variety of unpleasant situations until they become either a
cohesive team or a ring of car jackers.
(Scott Adams - The Dilbert principle)

/// Bram Moolenaar -- Br...@Moolenaar.net -- http://www.Moolenaar.net \\\
/// \\\
\\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///