Nikolai Weibull wrote:
On 6/6/06, Martin Povolný <[EMAIL PROTECTED]> wrote:
Hallo,

I have tested ruby code completion in vim and found that it is quite
insecure.

Let's have file 'a.rb':

system('echo vim je pako > /tmp/pako')

class MyTest
  def test
    return 1
  end
end

And then some file we edit e.g. 'b.rb':

require 'a'

Here's where it happens.  It will actually require 'a' so that it
knows about the stuff in that file.  $SAFE _may_ be a solution.


I understand how and why it happens. I report that it is a _security_problem_ and it should be fixed.

Regards,

--
Mgr. Martin Povolný, soLNet, s.r.o.,
+420777714458, [EMAIL PROTECTED]
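
Class and method names for completion can be collected without loading the required file at all. The following is an added example, not part of the original messages and not vim's own completion code: it reads the source with Ruby's standard Ripper parser and never evaluates it. The names completion_symbols and A_RB are assumptions made for illustration.

```ruby
require 'ripper'

# Constructed sample: the a.rb from the report above, held as a string.
A_RB = <<~'RUBY'
  system('echo vim je pako > /tmp/pako')

  class MyTest
    def test
      return 1
    end
  end
RUBY

# Return { "ClassName" => ["method", ...] } using only the parser.
# The source is never evaluated, so a top-level call such as system()
# is just a node in the syntax tree and has no side effect.
def completion_symbols(source)
  tree = Ripper.sexp(source)
  return {} if tree.nil? # syntax error: offer no completions

  found = {}
  walk = lambda do |node, scope|
    next unless node.is_a?(Array)
    case node[0]
    when :class, :module
      # The name node holds one or more [:@const, "Name", pos] tokens.
      consts = node[1].flatten.each_cons(2)
                      .select { |tag, _| tag == :@const }.map(&:last)
      name = [scope, *consts].compact.join('::')
      found[name] ||= []
      walk.call(node.last, name) # body of the class or module
    when :def  # [:def, name_token, params, body]
      (found[scope || '(top level)'] ||= []) << node[1][1]
    when :defs # [:defs, target, period, name_token, params, body]
      (found[scope || '(top level)'] ||= []) << "self.#{node[3][1]}"
    else
      node.each { |child| walk.call(child, scope) }
    end
  end
  walk.call(tree, nil)
  found
end

p completion_symbols(A_RB) if $PROGRAM_NAME == __FILE__
```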
