Ciaran McCreesh wrote:
> On Sat, 28 Apr 2007 21:52:07 +0200
> Bram Moolenaar <[EMAIL PROTECTED]> wrote:
> > I don't like this solution. Opening some files would be OK in the
> > sandbox, e.g., for reading. readfile() would be OK in the sandbox,
> > right?
>
> Probably not. In a multi-user environment it can be used as a
> privilege escalation by inserting the contents of a non-world-readable
> file into a world-readable file when the latter is edited by a user
> with elevated privileges.

In the sandbox you can't insert text into a file or buffer. Anything
that requires saving text for undo is blocked.

You can also get the text from an already opened file with getbufline().

It's difficult to draw a line, but I think blocking everything that
writes is good enough.

--
`The Guide says there is an art to flying,' said Ford, `or at least a
knack. The knack lies in learning how to throw yourself at the ground
and miss.' He smiled weakly.
-- Douglas Adams, "The Hitchhiker's Guide to the Galaxy"
/// Bram Moolenaar -- [EMAIL PROTECTED] -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ download, build and distribute -- http://www.A-A-P.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
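
The read-versus-write line discussed in this message can be checked on a given Vim build with a small probe. This is an added example, not code from the thread or from Vim itself; `SandboxProbe()` and `g:probe_file` are hypothetical names, and the script reports what the running Vim does rather than assuming an outcome.

```vim
" Added example, not from the thread.
" Run with: vim -Nu NONE -S sandbox_probe.vim, then :messages
" SandboxProbe() and g:probe_file are hypothetical names for this sketch.

" Evaluate each expression under :sandbox and record how Vim responds.
function! SandboxProbe(exprs) abort
  let l:results = {}
  for l:expr in a:exprs
    try
      sandbox call eval(l:expr)
      let l:results[l:expr] = 'allowed'
    catch /E48:/
      " E48 is Vim's "Not allowed in sandbox" error.
      let l:results[l:expr] = 'blocked (E48)'
    catch
      let l:results[l:expr] = 'other error: ' . v:exception
    endtry
  endfor
  return l:results
endfunction

" Constructed sample data: a scratch file and a one-line buffer.
let g:probe_file = tempname()
call writefile(['constructed sample line'], g:probe_file)
enew
call setline(1, 'buffer text')

" Two reads, two buffer writes, one file write.
let s:probes = [
      \ 'getbufline("%", 1, "$")',
      \ 'readfile(g:probe_file)',
      \ 'setline(1, "changed in sandbox")',
      \ 'append(0, readfile(g:probe_file))',
      \ 'writefile(["x"], g:probe_file)',
      \ ]

for [s:expr, s:verdict] in items(SandboxProbe(s:probes))
  echomsg printf('%-40s %s', s:expr, s:verdict)
endfor
call delete(g:probe_file)
```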