IntenseFinance/neovim
3
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-02-25 18:55:25 -06:00
Code Issues Packages Projects Releases Wiki Activity

vim-patch:8.1.0881: can execute shell commands in rvim through interfaces

Browse Source 
Problem:    Can execute shell commands in rvim through interfaces.
Solution:   Disable using interfaces in restricted mode. Allow for writing
            file with writefile(), histadd() and a few others.
8c62a08faf
This commit is contained in:
Jan Edmund Lazo 2020-02-24 20:33:43 -05:00
parent 3618fe9e8c
commit d846f47cc8
No known key found for this signature in database
GPG Key ID: 64915E6E9F735B15
5 changed files with 134 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
runtime/doc/starting.txt
View File

@ -184,12 +184,17 @@ argument.
the 'modifiable' and 'write' options can be set to enable the 'modifiable' and 'write' options can be set to enable
changes and writing. changes and writing.
*-Z* *restricted-mode* *E145* *-Z* *restricted-mode* *E145* *E981*
-Z Restricted mode. All commands that make use of an external -Z Restricted mode. All commands that make use of an external
shell are disabled. This includes suspending with CTRL-Z, shell are disabled. This includes suspending with CTRL-Z,
":sh", filtering, the system() function, backtick expansion, ":sh", filtering, the system() function, backtick expansion
delete(), rename(), mkdir(), writefile(), libcall(), and libcall().
jobstart(), etc. Also disallowed are delete(), rename(), mkdir(), jobstart(),
etc.
Interfaces, such as Python, Ruby and Lua, are also disabled,
since they could be used to execute shell commands.
Note that the user may still find a loophole to execute a
shell command, it has only been made difficult.
-e *-e* *-E* -e *-e* *-E*
-E Start Nvim in Ex mode |gQ|. -E Start Nvim in Ex mode |gQ|.

9
src/nvim/eval/funcs.c
View File

@ -4317,7 +4317,7 @@ static void f_histadd(typval_T *argvars, typval_T *rettv, FunPtr fptr)
HistoryType histype; HistoryType histype;
rettv->vval.v_number = false; rettv->vval.v_number = false;
if (check_restricted() || check_secure()) { if (check_secure()) {
return; return;
} }
const char *str = tv_get_string_chk(&argvars[0]); // NULL on type error const char *str = tv_get_string_chk(&argvars[0]); // NULL on type error
@ -7779,8 +7779,7 @@ static void f_setbufline(typval_T *argvars, typval_T *rettv, FunPtr fptr)
*/ */
static void f_setbufvar(typval_T *argvars, typval_T *rettv, FunPtr fptr) static void f_setbufvar(typval_T *argvars, typval_T *rettv, FunPtr fptr)
{ {
if (check_restricted() if (check_secure()
|| check_secure()
|| !tv_check_str_or_nr(&argvars[0])) { || !tv_check_str_or_nr(&argvars[0])) {
return; return;
} }
@ -8284,7 +8283,7 @@ static void f_settabvar(typval_T *argvars, typval_T *rettv, FunPtr fptr)
{ {
rettv->vval.v_number = 0; rettv->vval.v_number = 0;
if (check_restricted() || check_secure()) { if (check_secure()) {
return; return;
} }
@ -11005,7 +11004,7 @@ static void f_writefile(typval_T *argvars, typval_T *rettv, FunPtr fptr)
{ {
rettv->vval.v_number = -1; rettv->vval.v_number = -1;
if (check_restricted() || check_secure()) { if (check_secure()) {
return; return;
} }

18
src/nvim/ex_cmds.c
View File

@ -3008,18 +3008,18 @@ void ex_z(exarg_T *eap)
ex_no_reprint = true; ex_no_reprint = true;
} }
/* // Check if the restricted flag is set.
* Check if the restricted flag is set. // If so, give an error message and return true.
* If so, give an error message and return TRUE. // Otherwise, return false.
* Otherwise, return FALSE. bool check_restricted(void)
*/ FUNC_ATTR_PURE FUNC_ATTR_WARN_UNUSED_RESULT
int check_restricted(void)
{ {
if (restricted) { if (restricted) {
EMSG(_("E145: Shell commands not allowed in restricted mode")); EMSG(_("E145: Shell commands and some functionality not allowed"
return TRUE; " in restricted mode"));
return true;
} }
return FALSE; return false;
} }
/* /*

6
src/nvim/ex_docmd.c
View File

@ -1783,10 +1783,14 @@ static char_u * do_one_cmd(char_u **cmdlinep,
if (!ea.skip) { if (!ea.skip) {
if (sandbox != 0 && !(ea.argt & SBOXOK)) { if (sandbox != 0 && !(ea.argt & SBOXOK)) {
/* Command not allowed in sandbox. */ // Command not allowed in sandbox.
errormsg = (char_u *)_(e_sandbox); errormsg = (char_u *)_(e_sandbox);
goto doend; goto doend;
} }
if (restricted != 0 && (ea.argt & RESTRICT)) {
errormsg = (char_u *)_("E981: Command not allowed in restricted mode");
goto doend;
}
if (!MODIFIABLE(curbuf) && (ea.argt & MODIFY) if (!MODIFIABLE(curbuf) && (ea.argt & MODIFY)
// allow :put in terminals // allow :put in terminals
&& (!curbuf->terminal || ea.cmdidx != CMD_put)) { && (!curbuf->terminal || ea.cmdidx != CMD_put)) {

107
src/nvim/testdir/test_restricted.vim Normal file
View File

@ -0,0 +1,107 @@
" Test for "rvim" or "vim -Z"
source shared.vim
func Test_restricted()
let cmd = GetVimCommand('Xrestricted')
if cmd == ''
return
endif
call writefile([
\ "silent !ls",
\ "call writefile([v:errmsg], 'Xrestrout')",
\ "qa!",
\ ], 'Xrestricted')
call system(cmd . ' -Z')
call assert_match('E145:', join(readfile('Xrestrout')))
call delete('Xrestricted')
call delete('Xrestrout')
endfunc
func Run_restricted_test(ex_cmd, error)
let cmd = GetVimCommand('Xrestricted')
if cmd == ''
return
endif
call writefile([
\ a:ex_cmd,
\ "call writefile([v:errmsg], 'Xrestrout')",
\ "qa!",
\ ], 'Xrestricted')
call system(cmd . ' -Z')
call assert_match(a:error, join(readfile('Xrestrout')))
call delete('Xrestricted')
call delete('Xrestrout')
endfunc
func Test_restricted_lua()
if !has('lua')
throw 'Skipped: Lua is not supported'
endif
call Run_restricted_test('lua print("Hello, Vim!")', 'E981:')
call Run_restricted_test('luado return "hello"', 'E981:')
call Run_restricted_test('luafile somefile', 'E981:')
call Run_restricted_test('call luaeval("expression")', 'E145:')
endfunc
func Test_restricted_mzscheme()
if !has('mzscheme')
throw 'Skipped: MzScheme is not supported'
endif
call Run_restricted_test('mzscheme statement', 'E981:')
call Run_restricted_test('mzfile somefile', 'E981:')
call Run_restricted_test('call mzeval("expression")', 'E145:')
endfunc
func Test_restricted_perl()
if !has('perl')
throw 'Skipped: Perl is not supported'
endif
" TODO: how to make Safe mode fail?
" call Run_restricted_test('perl system("ls")', 'E981:')
" call Run_restricted_test('perldo system("hello")', 'E981:')
" call Run_restricted_test('perlfile somefile', 'E981:')
" call Run_restricted_test('call perleval("system(\"ls\")")', 'E145:')
endfunc
func Test_restricted_python()
if !has('python')
throw 'Skipped: Python is not supported'
endif
call Run_restricted_test('python print "hello"', 'E981:')
call Run_restricted_test('pydo return "hello"', 'E981:')
call Run_restricted_test('pyfile somefile', 'E981:')
call Run_restricted_test('call pyeval("expression")', 'E145:')
endfunc
func Test_restricted_python3()
if !has('python3')
throw 'Skipped: Python3 is not supported'
endif
call Run_restricted_test('py3 print "hello"', 'E981:')
call Run_restricted_test('py3do return "hello"', 'E981:')
call Run_restricted_test('py3file somefile', 'E981:')
call Run_restricted_test('call py3eval("expression")', 'E145:')
endfunc
func Test_restricted_ruby()
if !has('ruby')
throw 'Skipped: Ruby is not supported'
endif
call Run_restricted_test('ruby print "Hello"', 'E981:')
call Run_restricted_test('rubydo print "Hello"', 'E981:')
call Run_restricted_test('rubyfile somefile', 'E981:')
endfunc
func Test_restricted_tcl()
if !has('tcl')
throw 'Skipped: Tcl is not supported'
endif
call Run_restricted_test('tcl puts "Hello"', 'E981:')
call Run_restricted_test('tcldo puts "Hello"', 'E981:')
call Run_restricted_test('tclfile somefile', 'E981:')
endfunc