To: vim_dev@googlegroups.com Subject: Patch 7.3.070 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 7.3.070 Problem: Can set environment variables in the sandbox, could be abused. Solution: Disallow it. Files: src/eval.c *** ../vim-7.3.069/src/eval.c 2010-11-10 20:31:24.000000000 +0100 --- src/eval.c 2010-12-02 14:42:31.000000000 +0100 *************** *** 2326,2332 **** else if (endchars != NULL && vim_strchr(endchars, *skipwhite(arg)) == NULL) EMSG(_(e_letunexp)); ! else { c1 = name[len]; name[len] = NUL; --- 2326,2332 ---- else if (endchars != NULL && vim_strchr(endchars, *skipwhite(arg)) == NULL) EMSG(_(e_letunexp)); ! else if (!check_secure()) { c1 = name[len]; name[len] = NUL; *** ../vim-7.3.069/src/version.c 2010-11-24 18:48:08.000000000 +0100 --- src/version.c 2010-12-02 14:46:44.000000000 +0100 *************** *** 716,717 **** --- 716,719 ---- { /* Add new patch number below this line */ + /**/ + 70, /**/ -- The only way the average employee can speak to an executive is by taking a second job as a golf caddie. (Scott Adams - The Dilbert principle) /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
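Review bot: in the src/eval.c hunk at 2326, the new `else if (!check_secure())` carries no comment saying why the environment-variable assignment is refused, and the hunk shows no branch for the refused case, so any error reporting depends entirely on check_secure() doing it as a side effect. A one-line comment above the condition, for example `/* setting an environment variable is not allowed in the sandbox */`, would record the intent and make the reliance on that side effect explicit. The check also sits after the `e_letunexp` test, so a malformed assignment in the sandbox reports the syntax error rather than the sandbox restriction; that ordering is reasonable but worth confirming as intended. The Files list names only src/eval.c, so the sandbox documentation is not updated to list this restriction and no test covers the refused case.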