On Sat, 28 Apr 2007 21:52:07 +0200 Bram Moolenaar <[EMAIL PROTECTED]> wrote:

> I don't like this solution. Opening some files would be OK in the
> sandbox, e.g., for reading. readfile() would be OK in the sandbox,
> right?

Probably not. In a multi-user environment it can be used as a privilege escalation by inserting the contents of a non-world-readable file into a world-readable file when the latter is edited by a user with elevated privileges.

-- 
Ciaran McCreesh