On 4/28/07, Bram Moolenaar <[EMAIL PROTECTED]> wrote:
>It's better to make sure the sandbox works as it should.
Yet another function to disable in sandbox:
vi: fdm=expr fde=writefile([""],"phantom_was_here")
Proposal. Maybe it's sane to put security checks not just in
functions like f_writefile(), but also to put them in the core of fileio,
e.g. if the mch_fopen macro checks permissions before actually opening the
file, then f_writefile() and friends, if any, will fail to harm the user.
I.e. replace something like this:
=CUT============================
--- macros.h.orig 2007-04-29 00:57:16.000000000 +0700
+++ macros.h 2007-04-29 00:58:38.000000000 +0700
@@ -149,7 +149,7 @@
#ifdef VMS
# define mch_access(n, p) access(vms_fixfilename(n), (p))
/* see mch_open() comment */
-# define mch_fopen(n, p) fopen(vms_fixfilename(n), (p))
+# define mch_fopen_impl(n, p) fopen(vms_fixfilename(n), (p))
# define mch_fstat(n, p) fstat(vms_fixfilename(n), (p))
/* VMS does not have lstat() */
# define mch_stat(n, p) stat(vms_fixfilename(n), (p))
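Review bot: The "see mch_open() comment" line directly above the renamed define points at a second open path, mch_open(), that this patch never wraps. If the check is meant to sit at the core of file I/O, mch_open() needs the same guard, or the patch description should say that only the stdio path is covered.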
@@ -158,7 +158,7 @@
# define mch_access(n, p) access((n), (p))
# endif
# if !(defined(FEAT_MBYTE) && defined(WIN3264))
-# define mch_fopen(n, p) fopen((n), (p))
+# define mch_fopen_impl(n, p) fopen((n), (p))
# endif
# define mch_fstat(n, p) fstat((n), (p))
# ifdef MSWIN /* has it's own mch_stat() function */
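Review bot: mch_fopen_impl is defined only inside `# if !(defined(FEAT_MBYTE) && defined(WIN3264))`, so for builds with both of those set the lines shown provide no mch_fopen_impl for the unconditional mch_fopen wrapper added further down. Whatever supplies mch_fopen in that configuration needs the same rename, or the wrapper needs the same guard.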
@@ -174,6 +174,9 @@
# endif
#endif
+
+#define mch_fopen(n, p) ( check_secure() ? NULL : mch_fopen_impl(n,p) )
+
#ifdef HAVE_LSTAT
# define mch_lstat(n, p) lstat((n), (p))
#else
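Review bot: The new mch_fopen macro calls check_secure() without looking at the mode argument p, so read-only opens are refused along with writes. If the goal is to stop writefile()-style writes, test p for a write mode before refusing, and set errno before returning NULL so callers can tell a refusal from a missing file. The body should also pass `(n), (p)` to mch_fopen_impl, as the other macros in this file do.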
=/CUT===========================
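The choke-point idea from the proposal above, as an added stand-alone C example. It is not part of the original message or of Vim's source; `sandbox_active`, `guarded_fopen` and `write_lines` are hypothetical names, and unlike the patch it refuses only modes that can write.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the editor's sandbox state (not Vim's variable). */
static int sandbox_active = 0;

/* A stdio mode can create or modify a file if it contains 'w', 'a' or '+'. */
static int mode_can_write(const char *mode)
{
    return strpbrk(mode, "wa+") != NULL;
}

/*
 * Single choke point for fopen(): every caller goes through here, so a
 * function that lacks its own sandbox check still cannot create or
 * modify a file. Read-only opens stay allowed.
 */
static FILE *guarded_fopen(const char *name, const char *mode)
{
    if (sandbox_active && mode_can_write(mode)) {
        errno = EACCES;     /* give callers a reason, not just NULL */
        return NULL;
    }
    return fopen(name, mode);
}

/* Hypothetical caller with no check of its own, like the writefile() case. */
static int write_lines(const char *name, const char *text)
{
    FILE *fp = guarded_fopen(name, "w");
    if (fp == NULL)
        return -1;
    fputs(text, fp);
    return fclose(fp) == 0 ? 0 : -1;
}

int main(void)
{
    const char *path = "guarded_fopen_demo.tmp";   /* constructed sample path */
    printf("normal write:  %d\n", write_lines(path, "hello\n"));
    sandbox_active = 1;
    printf("sandbox write: %d\n", write_lines(path, "overwritten\n"));
    FILE *fp = guarded_fopen(path, "r");           /* reads still work */
    printf("sandbox read:  %s\n", fp ? "ok" : "denied");
    if (fp) fclose(fp);
    remove(path);
    return 0;
}
```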