Steve Hall wrote:
On Fri, 2007-03-16 at 13:26 -0500, fREW wrote:
Isn't a vimball just another archive?  It seems, according to the
vimball help file that it's just a bunch of inert files.  It doesn't
really run anything...  Maybe I am wrong, though.

When you use :source filename, Vim executes the code in filename.
Vimscript (and thereby, a vimball) can do anything to the machine your
user permissions allow you to do.

Not that I expect anything evil from this community, just the
opposite. But I think the concept is broken and is much less obvious
than a simple .tar.gz. (Especially on Windows, and ESPECIALLY with an
extension like ".vba"!)



Sure. But you don't _have_ to source it. Since 15 June 2006, you can use instead

        :UseVimball /temp

to unpack it into subdirectories of /temp where the unpacked scripts can do nothing harmful to your Vim installation. You can then examine them there at your leisure.

BTW, a common format for distributing zipfiles is a self-extracting .exe -- like, for instance, your own Vim installers. I suppose I needn't point out that an .exe can potentially do anything to your Windows system that your permissions allow it to do -- not that I expect anything evil from you, Steve, quite the opposite. But the concept can quite arguably be described as broken and much less obvious than a simple .zip.


Best regards,
Tony.
--
"The Schizophrenic: An Unauthorized Autobiography"

Reply via email to