Matt Wozniski wrote:
> On Wed, Aug 20, 2008 at 4:33 AM, Tony Mechelynck wrote:
> >
> > On 20/08/08 09:47, Jan Minář wrote:
> >>
> >> The above will of course not work.  The following will:
> >>
> >> /* We use an obscure glibc function -- check out the man page! */
> >> clockface =&(xclock)&pwnme (a, b, x + y);
> >> /* :vim:iskeyword=a-z,&,),(: */
> >
> > No error this time, but still says ":!seamonkey clockface" and loads
> > http://www.apple.com/
>
> Jan got the exploit right, but formatted his modeline wrong.  Try this
> document:
> /* We use an obscure glibc function -- check out the man page! */
> clockface = &(xclock)&pwnme (a, b, x + y);
> /* vim: set iskeyword=a-z,&,),(: */
>
> Make sure ":verbose set isk?" correctly says
>   iskeyword=a-z,&,),(
>         Last set from modeline
>
> place your cursor on 'pwnme', and press K.  xclock appears.

Yeah, this is the kind of exploit where you have to tell the user to do
something stupid and then blame Vim that the user is stupid.

> > Well, I couldn't reproduce your exploit with the Mozilla SeaMonkey
> > 2.0a1pre browser. You can see its UA string in the headers of this post.
>
> The browser being used has nothing to do with the exploit; it's all in
> the shell expansions before the browser is launched.  In fact, in
> cases like this I don't think we should be using the shell at all, for
> reasons just like this one.  I can see no real argument for why K
> ought to behave like:
>   exe '!' . &kp . ' ' . expand("<cword>")
>
> Is there any reason why we would ever want shell syntax to affect
> keyword lookups?  I think that K ought to behave more like
>   execlp(&kp, &kp, expand("<cword>"), (char *)NULL);
> Of course, this is muddled C and Vimscript pseudo-code, but you get the idea.
>
> OTOH, :! probably ought to continue using the shell so that you can
> do, for instance,
>   :!ls | grep foo

The command executed can be a shell alias.  The command may not be in
$PATH.  And a few other reasons we don't see right now.

-- 
I once paid $12 to peer at the box that held King Tutankhamen's little
bandage-covered midget corpse at the De Young Museum in San Francisco.  I
remember thinking how pleased he'd be about the way things turned out in his
afterlife.
                                (Scott Adams - The Dilbert principle)

 /// Bram Moolenaar -- [EMAIL PROTECTED] -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\        download, build and distribute -- http://www.A-A-P.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///

You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
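
Added example, not part of the original message and not Vim's source: a C version of the shell-free keyword lookup proposed in the quoted `execlp` pseudo-code. `lookup_noshell` is a hypothetical helper and `echo` stands in for `keywordprg`; the word under the cursor reaches the program as one argument, so `&`, `(` and `)` are never interpreted.

```c
/* Added example, not Vim source: K-style lookup with no shell involved. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run `prog word`, passing word as exactly one argv element, and capture
 * the child's stdout in out (NUL-terminated, truncated to outlen - 1).
 * Returns the child's exit status, or -1 on failure.
 * Hypothetical helper; prog is a single program name, as in the
 * execlp() pseudo-code quoted above (no arguments inside prog). */
int lookup_noshell(const char *prog, const char *word, char *out, size_t outlen)
{
    int fds[2], status;
    size_t used = 0;
    ssize_t n;
    char sink[256];
    pid_t pid;

    if (outlen == 0 || pipe(fds) < 0)
        return -1;
    if ((pid = fork()) < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                      /* child: stdout -> pipe */
        close(fds[0]);
        dup2(fds[1], STDOUT_FILENO);
        close(fds[1]);
        execlp(prog, prog, word, (char *)NULL);  /* PATH search, no /bin/sh */
        _exit(127);                      /* exec failed */
    }
    close(fds[1]);
    /* Keep what fits; drain the rest so the child never blocks on write. */
    while ((n = read(fds[0], sink, sizeof sink)) > 0)
        for (ssize_t i = 0; i < n; i++)
            if (used + 1 < outlen)
                out[used++] = sink[i];
    out[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char buf[128];
    int rc = lookup_noshell("echo", "&(xclock)&pwnme", buf, sizeof buf);
    printf("rc=%d bytes=%zu out=%s", rc, strlen(buf), buf);
    return 0;
}
```

As the reply above points out, this form cannot resolve a shell alias, and `execlp` only finds programs reachable through `$PATH` or given by path.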
