diff options
author | Bram Moolenaar <Bram@vim.org> | 2019-02-08 14:34:10 +0100 |
---|---|---|
committer | Bram Moolenaar <Bram@vim.org> | 2019-02-08 14:34:10 +0100 |
commit | 8c62a08faf89663e5633dc5036cd8695c80f1075 (patch) | |
tree | af5faafe055ea91f652f006d05a29a2dd5c8521b /runtime/doc | |
parent | c6ddce3f2cf6daa3a545405373b661f8a9bccad9 (diff) |
patch 8.1.0881: can execute shell commands in rvim through interfacesv8.1.0881
Problem: Can execute shell commands in rvim through interfaces.
Solution: Disable using interfaces in restricted mode. Allow for writing
file with writefile(), histadd() and a few others.
Diffstat (limited to 'runtime/doc')
-rw-r--r-- | runtime/doc/starting.txt | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/runtime/doc/starting.txt b/runtime/doc/starting.txt index 711a4876b6..6289e9c8f7 100644 --- a/runtime/doc/starting.txt +++ b/runtime/doc/starting.txt @@ -248,12 +248,18 @@ a slash. Thus "-R" means recovery and "-/R" readonly. changes and writing. {not in Vi} - *-Z* *restricted-mode* *E145* + *-Z* *restricted-mode* *E145* *E981* -Z Restricted mode. All commands that make use of an external shell are disabled. This includes suspending with CTRL-Z, - ":sh", filtering, the system() function, backtick expansion, - delete(), rename(), mkdir(), writefile(), libcall(), - job_start(), etc. + ":sh", filtering, the system() function, backtick expansion + and libcall(). + Also disallowed are delete(), rename(), mkdir(), job_start(), + etc. + Interfaces, such as Python, Ruby and Lua, are also disabled, + since they could be used to execute shell commands. Perl uses + the Safe module. + Note that the user may still find a loophole to execute a + shell command, it has only been made difficult. {not in Vi} *-g* |