To: vim_dev@googlegroups.com
Subject: Patch 7.3.070
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
------------
Patch 7.3.070
Problem: Can set environment variables in the sandbox, could be abused.
Solution: Disallow it.
Files: src/eval.c
*** ../vim-7.3.069/src/eval.c 2010-11-10 20:31:24.000000000 +0100
--- src/eval.c 2010-12-02 14:42:31.000000000 +0100
***************
*** 2326,2332 ****
else if (endchars != NULL
&& vim_strchr(endchars, *skipwhite(arg)) == NULL)
EMSG(_(e_letunexp));
! else
{
c1 = name[len];
name[len] = NUL;
--- 2326,2332 ----
else if (endchars != NULL
&& vim_strchr(endchars, *skipwhite(arg)) == NULL)
EMSG(_(e_letunexp));
! else if (!check_secure())
{
c1 = name[len];
name[len] = NUL;
*** ../vim-7.3.069/src/version.c 2010-11-24 18:48:08.000000000 +0100
--- src/version.c 2010-12-02 14:46:44.000000000 +0100
***************
*** 716,717 ****
--- 716,719 ----
{ /* Add new patch number below this line */
+ /**/
+ 70,
/**/
--
The only way the average employee can speak to an executive is by taking a
second job as a golf caddie.
(Scott Adams - The Dilbert principle)
/// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///