From d846f47cc88cd36da5ad8fd7e716552c80e3b418 Mon Sep 17 00:00:00 2001 From: Jan Edmund Lazo Date: Mon, 24 Feb 2020 20:33:43 -0500 Subject: vim-patch:8.1.0881: can execute shell commands in rvim through interfaces Problem: Can execute shell commands in rvim through interfaces. Solution: Disable using interfaces in restricted mode. Allow for writing file with writefile(), histadd() and a few others. https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075 --- runtime/doc/starting.txt | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'runtime') diff --git a/runtime/doc/starting.txt b/runtime/doc/starting.txt index e3f0d593a7..af7d233619 100644 --- a/runtime/doc/starting.txt +++ b/runtime/doc/starting.txt @@ -184,12 +184,17 @@ argument. the 'modifiable' and 'write' options can be set to enable changes and writing. - *-Z* *restricted-mode* *E145* + *-Z* *restricted-mode* *E145* *E981* -Z Restricted mode. All commands that make use of an external shell are disabled. This includes suspending with CTRL-Z, - ":sh", filtering, the system() function, backtick expansion, - delete(), rename(), mkdir(), writefile(), libcall(), - jobstart(), etc. + ":sh", filtering, the system() function, backtick expansion + and libcall(). + Also disallowed are delete(), rename(), mkdir(), jobstart(), + etc. + Interfaces, such as Python, Ruby and Lua, are also disabled, + since they could be used to execute shell commands. + Note that the user may still find a loophole to execute a + shell command, it has only been made difficult. -e *-e* *-E* -E Start Nvim in Ex mode |gQ|. -- cgit