On 4/28/07, Bram Moolenaar <[EMAIL PROTECTED]> wrote:
> It's better to make sure the sandbox works as it should.

Here is yet another function to disable in the sandbox: writefile(), shown here being called from a modeline that sets 'foldexpr':

vi: fdm=expr fde=writefile([""],"phantom_was_here")
Proposal. Maybe it's sane to put security checks not just in functions like f_writefile(), but also put it to the core of fileio, e.g. if mch_fopen macro will check permissions before actual openning file, then f_writefile() and freinds if any will fail to harm user. i.e. replace something like this:
=CUT============================
--- macros.h.orig 2007-04-29 00:57:16.000000000 +0700
+++ macros.h 2007-04-29 00:58:38.000000000 +0700
@@ -149,7 +149,7 @@
 #ifdef VMS
 # define mch_access(n, p) access(vms_fixfilename(n), (p))
 /* see mch_open() comment */
-# define mch_fopen(n, p) fopen(vms_fixfilename(n), (p))
+# define mch_fopen_impl(n, p) fopen(vms_fixfilename(n), (p))
 # define mch_fstat(n, p) fstat(vms_fixfilename(n), (p))
 /* VMS does not have lstat() */
 # define mch_stat(n, p) stat(vms_fixfilename(n), (p))
@@ -158,7 +158,7 @@
 # define mch_access(n, p) access((n), (p))
 # endif
 # if !(defined(FEAT_MBYTE) && defined(WIN3264))
-# define mch_fopen(n, p) fopen((n), (p))
+# define mch_fopen_impl(n, p) fopen((n), (p))
 # endif
 # define mch_fstat(n, p) fstat((n), (p))
 # ifdef MSWIN /* has it's own mch_stat() function */
@@ -174,6 +174,9 @@
 # endif
 #endif
+
+#define mch_fopen(n, p) ( check_secure() ? NULL : mch_fopen_impl(n,p) )
+
 #ifdef HAVE_LSTAT
 # define mch_lstat(n, p) lstat((n), (p))
 #else
=/CUT===========================
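Review bot: The unconditional `#define mch_fopen(n, p) ( check_secure() ? NULL : mch_fopen_impl(n,p) )` in the last hunk breaks builds that define both `FEAT_MBYTE` and `WIN3264`. The second hunk defines `mch_fopen_impl` only inside `# if !(defined(FEAT_MBYTE) && defined(WIN3264))`, so on those builds the wrapper expands to an undeclared name. It presumably also shadows whatever provides `mch_fopen` there, so either put the new define under the same condition or give that configuration its own `mch_fopen_impl`. The wrapper also ignores the mode argument `p`, so inside the sandbox it would refuse read-only opens as well as writes; testing `p` for `w`, `a` or `+` before returning NULL would keep the restriction to writes. It calls `check_secure()` on every open, which matters if that function reports an error as a side effect (I believe it does, worth confirming). Finally, only the fopen path is guarded and anything opened through `mch_open()` (named in the first hunk's comment) is untouched, so this is defence in depth and the explicit check in f_writefile() is still needed; a comment above the define such as `/* Sandbox guard for fopen() only; mch_open() callers must check themselves. */` would make that limit visible.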