Tom Link wrote:
> When code is evaluated in a sandbox, vim disallows using certain
> commands and setting certain options. It doesn't disable setting
> variables though.
>
> Is there a way to mark a variable as security relevant so that code
> evaluated in the sandbox isn't allowed to change it? Something like:
>
> :let g:plugin_foo_cmd = 'rm -rf ~/*'
> :protect g:plugin_foo_cmd
>
> :function OmnipotentFunction()
> : !rm -rf ~/*
> :endf
> :protect OmnipotentFunction
>
> With the increased use of plugins, enhancing the sandbox this way IMHO
> seems necessary, if vim doesn't already provide it. Just a thought.
It's already disallowed to run shell commands, so protecting
OmnipotentFunction would not be needed.
It's indeed a bit of a risk that variables can be changed. Some
variables may contain commands to restore settings, for example.
And they are executed after the sandbox has been left.
Using ":protect" sounds like a good idea.
--
ARTHUR: Now stand aside worthy adversary.
BLACK KNIGHT: (Glancing at his shoulder) 'Tis but a scratch.
ARTHUR: A scratch? Your arm's off.
"Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
