patch 8.1.0881: can execute shell commands in rvim through interfacesv8.1.0881

Problem: Can execute shell commands in rvim through interfaces. Solution: Disable using interfaces in restricted mode. Allow for writing file with writefile(), histadd() and a few others.
author: Bram Moolenaar <Bram@vim.org> 2019-02-08 14:34:10 +0100
committer: Bram Moolenaar <Bram@vim.org> 2019-02-08 14:34:10 +0100
commit: 8c62a08faf89663e5633dc5036cd8695c80f1075 (patch)
tree: af5faafe055ea91f652f006d05a29a2dd5c8521b /runtime
parent: c6ddce3f2cf6daa3a545405373b661f8a9bccad9 (diff)
1 files changed, 10 insertions, 4 deletions
diff --git a/runtime/doc/starting.txt b/runtime/doc/starting.txt
index 711a4876b6..6289e9c8f7 100644
--- a/runtime/doc/starting.txt
+++ b/runtime/doc/starting.txt
@@ -248,12 +248,18 @@ a slash.  Thus "-R" means recovery and "-/R" readonly.
 		changes and writing.
 		{not in Vi}
 
-						*-Z* *restricted-mode* *E145*
+					*-Z* *restricted-mode* *E145* *E981*
 -Z		Restricted mode.  All commands that make use of an external
 		shell are disabled.  This includes suspending with CTRL-Z,
-		":sh", filtering, the system() function, backtick expansion,
-		delete(), rename(), mkdir(), writefile(), libcall(),
-		job_start(), etc.
+		":sh", filtering, the system() function, backtick expansion
+		and libcall().
+		Also disallowed are delete(), rename(), mkdir(), job_start(),
+		etc.
+		Interfaces, such as Python, Ruby and Lua, are also disabled,
+		since they could be used to execute shell commands.  Perl uses
+		the Safe module.
+		Note that the user may still find a loophole to execute a
+		shell command, it has only been made difficult.
 		{not in Vi}
 
 							*-g*
author	Bram Moolenaar <Bram@vim.org>	2019-02-08 14:34:10 +0100
committer	Bram Moolenaar <Bram@vim.org>	2019-02-08 14:34:10 +0100
commit	8c62a08faf89663e5633dc5036cd8695c80f1075 (patch)
tree	af5faafe055ea91f652f006d05a29a2dd5c8521b /runtime
parent	c6ddce3f2cf6daa3a545405373b661f8a9bccad9 (diff)