>>> place your cursor on 'pwnme', and press K.  xclock appears.
>> Yeah, this is the kind of exploit where you have to tell the user to do
>> something stupid and then blame Vim that the user is stupid.

Yes. Still...that seems to be the current trend...

>> The command executed can be a shell alias.  The command may not be in
>> $PATH.  And a few other reasons we don't see right now.
> 
> execlp() handles commands not in $PATH just fine, as long as its first
> parameter is an absolute or relative path, rather than just a
> filename.  And a shell alias being used there is definitely not a good
> thing - and is not done by default.  If you want to replace or create
> a program, you create a script, if you want to change the way a
> program is used interactively, you use an alias.  Aliases are
> certainly not designed to ever be called from an external program, and
> forcing bash to pretend to be an interactive shell when it's not, in
> fact, being used interactively, just for the sake of expanding
> aliases, is a Bad Thing.

I agree aliases should be interactive, and not used here. However, $PATH
and so on is often set/adjusted from shell startup files, and
particularly when using gvim started via GUI, etc., this can be relevant.

On the other side, shell escaping when exactly which shell is being used
is not known is a nightmare, too.

I think it's one of those issues where there are so many good arguments
on both sides, it comes down to a matter of opinion.

Ben.



--~--~---------~--~----~------------~-------~--~----~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~----------~----~----~----~------~----~------~--~---
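
The difference discussed in the thread above, between handing the command line to a shell and calling execlp() directly, as an added example that is not code from Vim or from any poster in this thread. The helper names run_via_shell and run_direct and the keyword string are hypothetical; it assumes /bin/sh exists and `true` is on $PATH.

```c
/* Added example: constructed keyword, hypothetical helper names. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Decode a wait status into the child's exit code, or -1 on abnormal end. */
static int exit_code(int status)
{
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

/* Shell route: program and keyword are pasted into one string for sh -c,
 * so the shell parses any metacharacters the keyword contains. */
int run_via_shell(const char *prog, const char *keyword)
{
    char cmd[256];
    int n = snprintf(cmd, sizeof cmd, "%s %s", prog, keyword);
    if (n < 0 || (size_t)n >= sizeof cmd)
        return -1;
    return exit_code(system(cmd));
}

/* Direct route: the keyword is a single argv entry; no shell parses it.
 * execlp() searches $PATH only when prog contains no slash. */
int run_direct(const char *prog, const char *keyword)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execlp(prog, prog, keyword, (char *)NULL);
        _exit(127);                      /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return exit_code(status);
}

int main(void)
{
    const char *keyword = "x; exit 7";   /* constructed "word under cursor" */
    printf("via shell: %d\n", run_via_shell("true", keyword));
    printf("direct:    %d\n", run_direct("true", keyword));
    return 0;
}
```

The shell route reports the exit status chosen by the keyword, while the direct route reports the status of `true` itself, because the keyword arrives as plain data in argv[1].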
