Tony Mechelynck wrote:

> Tomas Golembiovsky wrote:
> > Greetings mortals,
> > 
> > today somebody came to #vim, and pasted some modeline (containing joke or
> > such). He muttered something about not knowing what that means and left
> > before long. But (!) what I noticed is that feedkeys() was used as part of
> > foldexpression and it turned out that feedkeys() is allowed in sandbox,
> > which means malicious file can run arbitrary command via modeline like
> > this:
> > 
> > vim: fdm=expr fde=feedkeys("\\:!touch\ phantom_was_here\\<cr>")
> > 
> > I guess you can see the consequences. Is this known/intentional?
> > 
> 
> IIUC, feedkeys() called from sandbox should execute as if in sandbox,
> i.e., only (at most) key sequences acceptable in sandbox should be
> able to be "fed". 
>
> Now this is what I think it "ought" to do. How does it "actually"
> behave? Did you try your example? Did it "touch" the file?

That was the idea: The "sandbox" flag is checked when the keys are
executed.  However, the sandbox flag may have been reset by then, as the
example shows.  Thus feedkeys() needs to be disallowed in the sandbox.

-- 
I have a drinking problem -- I don't have a drink!

 /// Bram Moolenaar -- [EMAIL PROTECTED] -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\        download, build and distribute -- http://www.A-A-P.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
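
Added example, not part of the original thread: a heuristic scanner that flags files whose modelines set an expression-valued option, and whether that expression calls feedkeys(), as in the modeline quoted above. The function name, the option list (not exhaustive) and the sample text are assumptions of this example; the regex approximates Vim's modeline parsing rather than reproducing it.

```python
import re

# Expression-valued options (long and short names) that a modeline can set
# and that Vim evaluates in the sandbox. Assumed, non-exhaustive list.
EXPR_OPTS = {"foldexpr", "fde", "foldtext", "fdt", "indentexpr", "inde",
             "formatexpr", "fex", "includeexpr", "inex"}

# Heuristic: "vi:", "vim:" (optionally with a version) or "ex:" at line
# start or after whitespace, optionally followed by "se"/"set".
MODELINE = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<=>]?\d+)?|ex):\s*(?:set?\s+)?(.*)$")
OPT_SET = re.compile(r"\b([a-z]+)\s*[-+^]?=")

def scan_modelines(text, modelines=5):
    """Return findings for modelines in the first/last `modelines` lines
    (5 is Vim's default for the 'modelines' option)."""
    lines = text.splitlines()
    head = range(min(modelines, len(lines)))
    tail = range(max(len(lines) - modelines, 0), len(lines))
    findings = []
    for i in sorted(set(head) | set(tail)):
        m = MODELINE.search(lines[i])
        if not m:
            continue
        body = m.group(1)
        opts = sorted(set(OPT_SET.findall(body)) & EXPR_OPTS)
        if opts:
            findings.append({"line": i + 1, "expr_options": opts,
                             "feedkeys": "feedkeys(" in body})
    return findings

# The modeline exactly as quoted in the thread, embedded in constructed text.
PAGE_MODELINE = r'vim: fdm=expr fde=feedkeys("\\:!touch\ phantom_was_here\\<cr>")'
SAMPLE = "some text\n" * 8 + PAGE_MODELINE + "\n"

if __name__ == "__main__":
    for finding in scan_modelines(SAMPLE):
        print(finding)
```

Until feedkeys() is disallowed in the sandbox, `set nomodeline` in the vimrc stops Vim from acting on such lines at all.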
