summaryrefslogtreecommitdiffstats
path: root/debian/patches/upstream/patch-8.1.0881-can-execute-shell-commands-in-rvim-through.patch
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 02:44:26 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 02:44:26 +0000
commit0cde7a370d07f80208bcd29597cf30d5274f38b0 (patch)
treee228a85db87eb0491d2937e213bbbab19826b682 /debian/patches/upstream/patch-8.1.0881-can-execute-shell-commands-in-rvim-through.patch
parentAdding upstream version 2:8.1.0875. (diff)
downloadvim-0cde7a370d07f80208bcd29597cf30d5274f38b0.tar.xz
vim-0cde7a370d07f80208bcd29597cf30d5274f38b0.zip
Adding debian version 2:8.1.0875-5+deb10u2.debian/2%8.1.0875-5+deb10u2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--debian/patches/upstream/patch-8.1.0881-can-execute-shell-commands-in-rvim-through.patch378
1 files changed, 378 insertions, 0 deletions
diff --git a/debian/patches/upstream/patch-8.1.0881-can-execute-shell-commands-in-rvim-through.patch b/debian/patches/upstream/patch-8.1.0881-can-execute-shell-commands-in-rvim-through.patch
new file mode 100644
index 0000000..01e9ad7
--- /dev/null
+++ b/debian/patches/upstream/patch-8.1.0881-can-execute-shell-commands-in-rvim-through.patch
@@ -0,0 +1,378 @@
+From: Bram Moolenaar <Bram@vim.org>
+Date: Fri, 8 Feb 2019 14:34:10 +0100
+Subject: patch 8.1.0881: can execute shell commands in rvim through
+ interfaces
+
+Problem: Can execute shell commands in rvim through interfaces.
+Solution: Disable using interfaces in restricted mode. Allow for writing
+ file with writefile(), histadd() and a few others.
+(cherry picked from commit 8c62a08faf89663e5633dc5036cd8695c80f1075)
+---
+ runtime/doc/starting.txt | 14 ++++--
+ src/evalfunc.c | 22 +++++++--
+ src/ex_cmds.c | 2 +-
+ src/ex_docmd.c | 7 ++-
+ src/if_perl.xs | 13 ++---
+ src/testdir/Make_all.mak | 2 +
+ src/testdir/test_restricted.vim | 107 ++++++++++++++++++++++++++++++++++++++++
+ src/version.c | 2 +
+ 8 files changed, 151 insertions(+), 18 deletions(-)
+ create mode 100644 src/testdir/test_restricted.vim
+
+diff --git a/runtime/doc/starting.txt b/runtime/doc/starting.txt
+index 711a487..6289e9c 100644
+--- a/runtime/doc/starting.txt
++++ b/runtime/doc/starting.txt
+@@ -248,12 +248,18 @@ a slash. Thus "-R" means recovery and "-/R" readonly.
+ changes and writing.
+ {not in Vi}
+
+- *-Z* *restricted-mode* *E145*
++ *-Z* *restricted-mode* *E145* *E981*
+ -Z Restricted mode. All commands that make use of an external
+ shell are disabled. This includes suspending with CTRL-Z,
+- ":sh", filtering, the system() function, backtick expansion,
+- delete(), rename(), mkdir(), writefile(), libcall(),
+- job_start(), etc.
++ ":sh", filtering, the system() function, backtick expansion
++ and libcall().
++ Also disallowed are delete(), rename(), mkdir(), job_start(),
++ etc.
++ Interfaces, such as Python, Ruby and Lua, are also disabled,
++ since they could be used to execute shell commands. Perl uses
++ the Safe module.
++ Note that the user may still find a loophole to execute a
++ shell command, it has only been made difficult.
+ {not in Vi}
+
+ *-g*
+diff --git a/src/evalfunc.c b/src/evalfunc.c
+index fa7ed9b..eb082b7 100644
+--- a/src/evalfunc.c
++++ b/src/evalfunc.c
+@@ -6817,7 +6817,7 @@ f_histadd(typval_T *argvars UNUSED, typval_T *rettv)
+ #endif
+
+ rettv->vval.v_number = FALSE;
+- if (check_restricted() || check_secure())
++ if (check_secure())
+ return;
+ #ifdef FEAT_CMDHIST
+ str = tv_get_string_chk(&argvars[0]); /* NULL on type error */
+@@ -7898,6 +7898,9 @@ f_luaeval(typval_T *argvars, typval_T *rettv)
+ char_u *str;
+ char_u buf[NUMBUFLEN];
+
++ if (check_restricted() || check_secure())
++ return;
++
+ str = tv_get_string_buf(&argvars[0], buf);
+ do_luaeval(str, argvars + 1, rettv);
+ }
+@@ -8644,6 +8647,8 @@ f_mzeval(typval_T *argvars, typval_T *rettv)
+ char_u *str;
+ char_u buf[NUMBUFLEN];
+
++ if (check_restricted() || check_secure())
++ return;
+ str = tv_get_string_buf(&argvars[0], buf);
+ do_mzeval(str, rettv);
+ }
+@@ -8932,6 +8937,9 @@ f_py3eval(typval_T *argvars, typval_T *rettv)
+ char_u *str;
+ char_u buf[NUMBUFLEN];
+
++ if (check_restricted() || check_secure())
++ return;
++
+ if (p_pyx == 0)
+ p_pyx = 3;
+
+@@ -8950,6 +8958,9 @@ f_pyeval(typval_T *argvars, typval_T *rettv)
+ char_u *str;
+ char_u buf[NUMBUFLEN];
+
++ if (check_restricted() || check_secure())
++ return;
++
+ if (p_pyx == 0)
+ p_pyx = 2;
+
+@@ -8965,6 +8976,9 @@ f_pyeval(typval_T *argvars, typval_T *rettv)
+ static void
+ f_pyxeval(typval_T *argvars, typval_T *rettv)
+ {
++ if (check_restricted() || check_secure())
++ return;
++
+ # if defined(FEAT_PYTHON) && defined(FEAT_PYTHON3)
+ init_pyxversion();
+ if (p_pyx == 2)
+@@ -10819,7 +10833,7 @@ f_setbufvar(typval_T *argvars, typval_T *rettv UNUSED)
+ typval_T *varp;
+ char_u nbuf[NUMBUFLEN];
+
+- if (check_restricted() || check_secure())
++ if (check_secure())
+ return;
+ (void)tv_get_number(&argvars[0]); /* issue errmsg if type error */
+ varname = tv_get_string_chk(&argvars[1]);
+@@ -11341,7 +11355,7 @@ f_settabvar(typval_T *argvars, typval_T *rettv)
+
+ rettv->vval.v_number = 0;
+
+- if (check_restricted() || check_secure())
++ if (check_secure())
+ return;
+
+ tp = find_tabpage((int)tv_get_number_chk(&argvars[0], NULL));
+@@ -14714,7 +14728,7 @@ f_writefile(typval_T *argvars, typval_T *rettv)
+ blob_T *blob = NULL;
+
+ rettv->vval.v_number = -1;
+- if (check_restricted() || check_secure())
++ if (check_secure())
+ return;
+
+ if (argvars[0].v_type == VAR_LIST)
+diff --git a/src/ex_cmds.c b/src/ex_cmds.c
+index a3974c1..681ef42 100644
+--- a/src/ex_cmds.c
++++ b/src/ex_cmds.c
+@@ -4775,7 +4775,7 @@ check_restricted(void)
+ {
+ if (restricted)
+ {
+- emsg(_("E145: Shell commands not allowed in rvim"));
++ emsg(_("E145: Shell commands and some functionality not allowed in rvim"));
+ return TRUE;
+ }
+ return FALSE;
+diff --git a/src/ex_docmd.c b/src/ex_docmd.c
+index b90ea7b..ccca2f9 100644
+--- a/src/ex_docmd.c
++++ b/src/ex_docmd.c
+@@ -2007,11 +2007,16 @@ do_one_cmd(
+ #ifdef HAVE_SANDBOX
+ if (sandbox != 0 && !(ea.argt & SBOXOK))
+ {
+- /* Command not allowed in sandbox. */
++ // Command not allowed in sandbox.
+ errormsg = _(e_sandbox);
+ goto doend;
+ }
+ #endif
++ if (restricted != 0 && (ea.argt & RESTRICT))
++ {
++ errormsg = _("E981: Command not allowed in rvim");
++ goto doend;
++ }
+ if (!curbuf->b_p_ma && (ea.argt & MODIFY))
+ {
+ /* Command not allowed in non-'modifiable' buffer */
+diff --git a/src/if_perl.xs b/src/if_perl.xs
+index 203bb6a..67d0b94 100644
+--- a/src/if_perl.xs
++++ b/src/if_perl.xs
+@@ -971,6 +971,7 @@ VIM_init(void)
+ #ifdef DYNAMIC_PERL
+ static char *e_noperl = N_("Sorry, this command is disabled: the Perl library could not be loaded.");
+ #endif
++static char *e_perlsandbox = N_("E299: Perl evaluation forbidden in sandbox without the Safe module");
+
+ /*
+ * ":perl"
+@@ -1019,13 +1020,12 @@ ex_perl(exarg_T *eap)
+ vim_free(script);
+ }
+
+-#ifdef HAVE_SANDBOX
+- if (sandbox)
++ if (sandbox || secure)
+ {
+ safe = perl_get_sv("VIM::safe", FALSE);
+ # ifndef MAKE_TEST /* avoid a warning for unreachable code */
+ if (safe == NULL || !SvTRUE(safe))
+- emsg(_("E299: Perl evaluation forbidden in sandbox without the Safe module"));
++ emsg(_(e_perlsandbox));
+ else
+ # endif
+ {
+@@ -1037,7 +1037,6 @@ ex_perl(exarg_T *eap)
+ }
+ }
+ else
+-#endif
+ perl_eval_sv(sv, G_DISCARD | G_NOARGS);
+
+ SvREFCNT_dec(sv);
+@@ -1298,13 +1297,12 @@ do_perleval(char_u *str, typval_T *rettv)
+ ENTER;
+ SAVETMPS;
+
+-#ifdef HAVE_SANDBOX
+- if (sandbox)
++ if (sandbox || secure)
+ {
+ safe = get_sv("VIM::safe", FALSE);
+ # ifndef MAKE_TEST /* avoid a warning for unreachable code */
+ if (safe == NULL || !SvTRUE(safe))
+- emsg(_("E299: Perl evaluation forbidden in sandbox without the Safe module"));
++ emsg(_(e_perlsandbox));
+ else
+ # endif
+ {
+@@ -1320,7 +1318,6 @@ do_perleval(char_u *str, typval_T *rettv)
+ }
+ }
+ else
+-#endif /* HAVE_SANDBOX */
+ sv = eval_pv((char *)str, 0);
+
+ if (sv) {
+diff --git a/src/testdir/Make_all.mak b/src/testdir/Make_all.mak
+index 5857a22..2ca5f2b 100644
+--- a/src/testdir/Make_all.mak
++++ b/src/testdir/Make_all.mak
+@@ -213,6 +213,7 @@ NEW_TESTS = \
+ test_regexp_utf8 \
+ test_registers \
+ test_reltime \
++ test_restricted \
+ test_retab \
+ test_ruby \
+ test_scriptnames \
+@@ -375,6 +376,7 @@ NEW_TESTS_RES = \
+ test_quotestar.res \
+ test_regex_char_classes.res \
+ test_registers.res \
++ test_restricted.res \
+ test_retab.res \
+ test_ruby.res \
+ test_scriptnames.res \
+diff --git a/src/testdir/test_restricted.vim b/src/testdir/test_restricted.vim
+new file mode 100644
+index 0000000..9dd937c
+--- /dev/null
++++ b/src/testdir/test_restricted.vim
+@@ -0,0 +1,107 @@
++" Test for "rvim" or "vim -Z"
++
++source shared.vim
++
++func Test_restricted()
++ let cmd = GetVimCommand('Xrestricted')
++ if cmd == ''
++ return
++ endif
++
++ call writefile([
++ \ "silent !ls",
++ \ "call writefile([v:errmsg], 'Xrestrout')",
++ \ "qa!",
++ \ ], 'Xrestricted')
++ call system(cmd . ' -Z')
++ call assert_match('E145:', join(readfile('Xrestrout')))
++
++ call delete('Xrestricted')
++ call delete('Xrestrout')
++endfunc
++
++func Run_restricted_test(ex_cmd, error)
++ let cmd = GetVimCommand('Xrestricted')
++ if cmd == ''
++ return
++ endif
++
++ call writefile([
++ \ a:ex_cmd,
++ \ "call writefile([v:errmsg], 'Xrestrout')",
++ \ "qa!",
++ \ ], 'Xrestricted')
++ call system(cmd . ' -Z')
++ call assert_match(a:error, join(readfile('Xrestrout')))
++
++ call delete('Xrestricted')
++ call delete('Xrestrout')
++endfunc
++
++func Test_restricted_lua()
++ if !has('lua')
++ throw 'Skipped: Lua is not supported'
++ endif
++ call Run_restricted_test('lua print("Hello, Vim!")', 'E981:')
++ call Run_restricted_test('luado return "hello"', 'E981:')
++ call Run_restricted_test('luafile somefile', 'E981:')
++ call Run_restricted_test('call luaeval("expression")', 'E145:')
++endfunc
++
++func Test_restricted_mzscheme()
++ if !has('mzscheme')
++ throw 'Skipped: MzScheme is not supported'
++ endif
++ call Run_restricted_test('mzscheme statement', 'E981:')
++ call Run_restricted_test('mzfile somefile', 'E981:')
++ call Run_restricted_test('call mzeval("expression")', 'E145:')
++endfunc
++
++func Test_restricted_perl()
++ if !has('perl')
++ throw 'Skipped: Perl is not supported'
++ endif
++ " TODO: how to make Safe mode fail?
++ " call Run_restricted_test('perl system("ls")', 'E981:')
++ " call Run_restricted_test('perldo system("hello")', 'E981:')
++ " call Run_restricted_test('perlfile somefile', 'E981:')
++ " call Run_restricted_test('call perleval("system(\"ls\")")', 'E145:')
++endfunc
++
++func Test_restricted_python()
++ if !has('python')
++ throw 'Skipped: Python is not supported'
++ endif
++ call Run_restricted_test('python print "hello"', 'E981:')
++ call Run_restricted_test('pydo return "hello"', 'E981:')
++ call Run_restricted_test('pyfile somefile', 'E981:')
++ call Run_restricted_test('call pyeval("expression")', 'E145:')
++endfunc
++
++func Test_restricted_python3()
++ if !has('python3')
++ throw 'Skipped: Python3 is not supported'
++ endif
++ call Run_restricted_test('py3 print "hello"', 'E981:')
++ call Run_restricted_test('py3do return "hello"', 'E981:')
++ call Run_restricted_test('py3file somefile', 'E981:')
++ call Run_restricted_test('call py3eval("expression")', 'E145:')
++endfunc
++
++func Test_restricted_ruby()
++ if !has('ruby')
++ throw 'Skipped: Ruby is not supported'
++ endif
++ call Run_restricted_test('ruby print "Hello"', 'E981:')
++ call Run_restricted_test('rubydo print "Hello"', 'E981:')
++ call Run_restricted_test('rubyfile somefile', 'E981:')
++endfunc
++
++func Test_restricted_tcl()
++ if !has('tcl')
++ throw 'Skipped: Tcl is not supported'
++ endif
++ call Run_restricted_test('tcl puts "Hello"', 'E981:')
++ call Run_restricted_test('tcldo puts "Hello"', 'E981:')
++ call Run_restricted_test('tclfile somefile', 'E981:')
++endfunc
+diff --git a/src/version.c b/src/version.c
+index 1b5d863..adb3441 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -809,6 +809,8 @@ static int included_patches[] =
+ 948,
+ /**/
+ 884,
++/**/
++ 881,
+ /**/
+ 878,
+ /**/