Ciaran McCreesh wrote:

> On Sat, 28 Apr 2007 21:52:07 +0200
> Bram Moolenaar <[EMAIL PROTECTED]> wrote:
> > I don't like this solution. Opening some files would be OK in the
> > sandbox, e.g., for reading. readfile() would be OK in the sandbox,
> > right?
>
> Probably not. In a multi-user environment it can be used as a
> privilege escalation by inserting the contents of a non-world-readable
> file into a world-readable file when the latter is edited by a user
> with elevated privileges.

In the sandbox you can't insert text into a file or buffer. Anything
that requires saving text for undo is blocked.

You can also get the text from an already opened file with getbufline().

It's difficult to draw a line, but I think blocking everything that
writes is good enough.

--
`The Guide says there is an art to flying,' said Ford, `or at least a
knack. The knack lies in learning how to throw yourself at the ground
and miss.' He smiled weakly.
        -- Douglas Adams, "The Hitchhiker's Guide to the Galaxy"

 /// Bram Moolenaar -- [EMAIL PROTECTED] -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\        download, build and distribute -- http://www.A-A-P.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///