Patch 7.3.070
Problem: Can set environment variables in the sandbox, could be abused.
Solution: Disallow it.
Files: src/eval.c
*** ../vim-7.3.069/src/eval.c 2010-11-10 20:31:24.000000000 +0100
--- src/eval.c 2010-12-02 14:42:31.000000000 +0100
***************
*** 2326,2332 ****
else if (endchars != NULL
&& vim_strchr(endchars, *skipwhite(arg)) == NULL)
EMSG(_(e_letunexp));
! else
{
c1 = name[len];
name[len] = NUL;
--- 2326,2332 ----
else if (endchars != NULL
&& vim_strchr(endchars, *skipwhite(arg)) == NULL)
EMSG(_(e_letunexp));
! else if (!check_secure())
{
c1 = name[len];
name[len] = NUL;
*** ../vim-7.3.069/src/version.c 2010-11-24 18:48:08.000000000 +0100
--- src/version.c 2010-12-02 14:46:44.000000000 +0100
***************
*** 716,717 ****
--- 716,719 ----
{ /* Add new patch number below this line */
+ /**/
+ 70,
/**/
--
The only way the average employee can speak to an executive is by taking a
second job as a golf caddie.
(Scott Adams - The Dilbert principle)
/// Bram Moolenaar -- b...@moolenaar.net -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
