-rw-r--r--runtime/doc/options.txt13
-rw-r--r--runtime/doc/vim_diff.txt3
-rw-r--r--src/nvim/ex_cmds.c9
-rw-r--r--src/nvim/ex_docmd.c3
-rw-r--r--src/nvim/fileio.c3
-rw-r--r--src/nvim/globals.h5
-rw-r--r--src/nvim/main.c23
-rw-r--r--src/nvim/mapping.c3
-rw-r--r--src/nvim/options.lua2
-rw-r--r--src/nvim/runtime.c2
10 files changed, 14 insertions, 52 deletions
diff --git a/runtime/doc/options.txt b/runtime/doc/options.txt
index 6c1edb9c69..0895d980f5 100644
--- a/runtime/doc/options.txt
+++ b/runtime/doc/options.txt
@@ -5129,19 +5129,6 @@ A jump table for the options with a short description can be found at |Q_op|.
two letters (See |object-motions|). The default makes a section start
at the nroff macros ".SH", ".NH", ".H", ".HU", ".nh" and ".sh".
- *'secure'* *'nosecure'* *E523*
-'secure' boolean (default off)
- global
- When on, ":autocmd", shell and write commands are not allowed in
- ".nvimrc" and ".exrc" in the current directory and map commands are
- displayed. Switch it off only if you know that you will not run into
- problems, or when the 'exrc' option is off. On Unix this option is
- only used if the ".nvimrc" or ".exrc" is not owned by you. This can be
- dangerous if the systems allows users to do a "chown". You better set
- 'secure' at the end of your |init.vim| then.
- This option cannot be set from a |modeline| or in the |sandbox|, for
- security reasons.
-
*'selection'* *'sel'*
'selection' 'sel' string (default "inclusive")
global
diff --git a/runtime/doc/vim_diff.txt b/runtime/doc/vim_diff.txt
index 357024aca0..b5222c9ddd 100644
--- a/runtime/doc/vim_diff.txt
+++ b/runtime/doc/vim_diff.txt
@@ -641,6 +641,9 @@ Options:
*'prompt'* *'noprompt'*
*'remap'* *'noremap'*
*'restorescreen'* *'rs'* *'norestorescreen'* *'nors'*
+ *'secure'*
+ Everything is allowed in 'exrc' files since they must be explicitly marked
+ trusted.
*'shelltype'*
*'shortname'* *'sn'* *'noshortname'* *'nosn'*
*'swapsync'* *'sws'*
diff --git a/src/nvim/ex_cmds.c b/src/nvim/ex_cmds.c
index c6dd30e549..1efde7ef3f 100644
--- a/src/nvim/ex_cmds.c
+++ b/src/nvim/ex_cmds.c
@@ -1134,8 +1134,7 @@ void do_bang(int addr_count, exarg_T *eap, bool forceit, bool do_in, bool do_out
int scroll_save = msg_scroll;
//
- // Disallow shell commands from .exrc and .vimrc in current directory for
- // security reasons.
+ // Disallow shell commands in secure mode
//
if (check_secure()) {
return;
@@ -1477,8 +1476,7 @@ filterend:
/// @param flags may be SHELL_DOOUT when output is redirected
void do_shell(char *cmd, int flags)
{
- // Disallow shell commands from .exrc and .vimrc in current directory for
- // security reasons.
+ // Disallow shell commands in secure mode
if (check_secure()) {
msg_end();
return;
@@ -3215,8 +3213,7 @@ void ex_z(exarg_T *eap)
ex_no_reprint = true;
}
-/// @return true if the secure flag is set (.exrc or .vimrc in current directory)
-/// and also give an error message.
+/// @return true if the secure flag is set and also give an error message.
/// Otherwise, return false.
bool check_secure(void)
{
diff --git a/src/nvim/ex_docmd.c b/src/nvim/ex_docmd.c
index e0e4fa332f..0733bcf683 100644
--- a/src/nvim/ex_docmd.c
+++ b/src/nvim/ex_docmd.c
@@ -4223,8 +4223,7 @@ theend:
static void ex_autocmd(exarg_T *eap)
{
- // Disallow autocommands from .exrc and .vimrc in current
- // directory for security reasons.
+ // Disallow autocommands in secure mode.
if (secure) {
secure = 2;
eap->errmsg = _(e_curdir);
diff --git a/src/nvim/fileio.c b/src/nvim/fileio.c
index 6c5469d020..d6bc861c09 100644
--- a/src/nvim/fileio.c
+++ b/src/nvim/fileio.c
@@ -2211,8 +2211,7 @@ int buf_write(buf_T *buf, char *fname, char *sfname, linenr_T start, linenr_T en
return FAIL;
}
- // Disallow writing from .exrc and .vimrc in current directory for
- // security reasons.
+ // Disallow writing in secure mode.
if (check_secure()) {
return FAIL;
}
diff --git a/src/nvim/globals.h b/src/nvim/globals.h
index 76f62fe267..130f3f6c48 100644
--- a/src/nvim/globals.h
+++ b/src/nvim/globals.h
@@ -489,8 +489,7 @@ EXTERN int stdin_fd INIT(= -1);
// true when doing full-screen output, otherwise only writing some messages.
EXTERN int full_screen INIT(= false);
-/// Non-zero when only "safe" commands are allowed, e.g. when sourcing .exrc or
-/// .vimrc in current directory.
+/// Non-zero when only "safe" commands are allowed
EXTERN int secure INIT(= 0);
/// Non-zero when changing text and jumping to another window or editing another buffer is not
@@ -864,7 +863,7 @@ EXTERN char e_api_spawn_failed[] INIT(= N_("E903: Could not spawn API job"));
EXTERN char e_argreq[] INIT(= N_("E471: Argument required"));
EXTERN char e_backslash[] INIT(= N_("E10: \\ should be followed by /, ? or &"));
EXTERN char e_cmdwin[] INIT(= N_("E11: Invalid in command-line window; <CR> executes, CTRL-C quits"));
-EXTERN char e_curdir[] INIT(= N_("E12: Command not allowed from exrc/vimrc in current dir or tag search"));
+EXTERN char e_curdir[] INIT(= N_("E12: Command not allowed in secure mode in current dir or tag search"));
EXTERN char e_command_too_recursive[] INIT(= N_("E169: Command too recursive"));
EXTERN char e_endif[] INIT(= N_("E171: Missing :endif"));
EXTERN char e_endtry[] INIT(= N_("E600: Missing :endtry"));
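Review bot: The new E12 text, "Command not allowed in secure mode in current dir or tag search", keeps the "in current dir" wording even though this commit removes the current-directory trigger in main.c. From the hunks shown, a user who hits E12 is pointed at a cause that no longer appears to set the flag. Consider `N_("E12: Command not allowed in secure mode or tag search")`. The identifier `e_curdir` is now misleading too, although renaming it is a wider change than this hunk.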
diff --git a/src/nvim/main.c b/src/nvim/main.c
index e8c1c98c38..a369ca0256 100644
--- a/src/nvim/main.c
+++ b/src/nvim/main.c
@@ -1989,32 +1989,15 @@ static void source_startup_scripts(const mparm_T *const parmp)
do_system_initialization();
if (do_user_initialization()) {
- // Read initialization commands from ".vimrc" or ".exrc" in current
+ // Read initialization commands from ".nvimrc" or ".exrc" in current
// directory. This is only done if the 'exrc' option is set.
- // Because of security reasons we disallow shell and write commands
- // now, except for unix if the file is owned by the user or 'secure'
- // option has been reset in environment of global "exrc" or "vimrc".
// Only do this if VIMRC_FILE is not the same as vimrc file sourced in
// do_user_initialization.
-#if defined(UNIX)
- // If vimrc file is not owned by user, set 'secure' mode.
- if (!os_file_owned(VIMRC_FILE)) // NOLINT(readability/braces)
-#endif
- secure = p_secure;
-
char *str = nlua_read_secure(VIMRC_FILE);
if (str != NULL) {
do_source_str(str, VIMRC_FILE);
xfree(str);
} else {
-#if defined(UNIX)
- // if ".exrc" is not owned by user set 'secure' mode
- if (!os_file_owned(EXRC_FILE)) {
- secure = p_secure;
- } else {
- secure = 0;
- }
-#endif
str = nlua_read_secure(EXRC_FILE);
if (str != NULL) {
do_source_str(str, EXRC_FILE);
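Review bot: The only gate left on a current-directory `.nvimrc`/`.exrc` in this hunk is the NULL check on `nlua_read_secure()`, and the surviving comment does not say so. With the ownership test and `secure = p_secure` removed, whatever that call returns is run through `do_source_str()` with no command restrictions, so the whole trust decision now lives inside `nlua_read_secure()`. I would add a line such as `// nlua_read_secure() is the trust gate: NULL means not trusted (confirm there); trusted content runs unrestricted.` It is also worth noting that sourcing the returned buffer, rather than re-opening the path, keeps the checked bytes and the executed bytes the same. `source_startup_scripts()` starts before this hunk and continues past it.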
@@ -2022,10 +2005,6 @@ static void source_startup_scripts(const mparm_T *const parmp)
}
}
}
- if (secure == 2) {
- need_wait_return = true;
- }
- secure = 0;
}
TIME_MSG("sourcing vimrc file(s)");
}
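Review bot: `ex_autocmd()` (ex_docmd.c) and `ex_map()` (mapping.c) still assign `secure = 2`, but the lines removed here were the only visible place that value was read (`need_wait_return = true`) and the flag cleared. If the remaining setters of `secure` (the E12 text mentions tag search) save and restore it themselves, the `2` marker is now dead state and the flag could be treated as a plain boolean. If they do not, a stale non-zero value would keep `check_secure()` blocking shell and write commands. Please confirm which case holds, then either drop the `secure = 2;` assignments or add a comment beside them naming who consumes the value.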
diff --git a/src/nvim/mapping.c b/src/nvim/mapping.c
index 9b10ea901e..76a646083e 100644
--- a/src/nvim/mapping.c
+++ b/src/nvim/mapping.c
@@ -2446,8 +2446,7 @@ void ex_abbreviate(exarg_T *eap)
/// ":map" and friends.
void ex_map(exarg_T *eap)
{
- // If we are sourcing .exrc or .vimrc in current directory we
- // print the mappings for security reasons.
+ // If we are in a secure mode we print the mappings for security reasons.
if (secure) {
secure = 2;
msg_outtrans(eap->cmd);
diff --git a/src/nvim/options.lua b/src/nvim/options.lua
index dc0561d560..1cf8ab3253 100644
--- a/src/nvim/options.lua
+++ b/src/nvim/options.lua
@@ -2007,7 +2007,7 @@ return {
},
{
full_name='secure',
- short_desc=N_("mode for reading .vimrc in current dir"),
+ short_desc=N_("No description"),
type='bool', scope={'global'},
secure=true,
varname='p_secure',
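Review bot: Both reads of `p_secure` are removed from main.c in this commit, so from what is visible here 'secure' stays settable but no longer has any effect. A user whose init.vim sets it as hardening for 'exrc' gets no signal that the restriction is gone; the only notice is the new vim_diff.txt entry. `"No description"` hides that, so I would add a comment on the entry such as `-- kept for compatibility; value is no longer read, see vim_diff.txt`. The table entry continues past the end of the hunk.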
diff --git a/src/nvim/runtime.c b/src/nvim/runtime.c
index e1a2483438..db8dc04907 100644
--- a/src/nvim/runtime.c
+++ b/src/nvim/runtime.c
@@ -1930,7 +1930,7 @@ int do_source(char *fname, int check_other, int is_vimrc)
cookie.fp = fopen_noinh_readbin(fname_exp);
if (cookie.fp == NULL && check_other) {
- // Try again, replacing file name ".vimrc" by "_vimrc" or vice versa,
+ // Try again, replacing file name ".nvimrc" by "_nvimrc" or vice versa,
// and ".exrc" by "_exrc" or vice versa.
p = path_tail(fname_exp);
if ((*p == '.' || *p == '_')