aniani/vim - vim - SDF GIT Society

aniani/vim

Fork 1

mirror of https://github.com/vim/vim.git synced 2025-07-26 11:04:33 -04:00

Commit Graph

Author	SHA1	Message	Date
Christian Brabandt	816fbcc262	patch 9.0.1833: [security] runtime file fixes Problem: runtime files may execute code in current dir Solution: only execute, if not run from current directory The perl, zig and ruby filetype plugins and the zip and gzip autoload plugins may try to load malicious executable files from the current working directory. This is especially a problem on windows, where the current directory is implicitly in your $PATH and windows may even run a file with the extension `.bat` because of $PATHEXT. So make sure that we are not trying to execute a file from the current directory. If this would be the case, error out (for the zip and gzip) plugins or silently do not run those commands (for the ftplugins). This assumes, that only the current working directory is bad. For all other directories, it is assumed that those directories were intentionally set to the $PATH by the user. Signed-off-by: Christian Brabandt <cb@256bit.org>	2023-08-31 23:52:30 +02:00
Viktor Szépe	3fc7a7e44a	runtime: Fix typos in various files closes: #12836 Signed-off-by: Christian Brabandt <cb@256bit.org> Co-authored-by: Viktor Szépe <viktor@szepe.net>	2023-08-23 21:20:00 +02:00
Bram Moolenaar	86b4816766	Update runtime files	2022-12-06 18:20:10 +00:00

Author

SHA1

Message

Date

Christian Brabandt

816fbcc262

patch 9.0.1833: [security] runtime file fixes

Problem:  runtime files may execute code in current dir
Solution: only execute, if not run from current directory

The perl, zig and ruby filetype plugins and the zip and gzip autoload
plugins may try to load malicious executable files from the current
working directory.  This is especially a problem on windows, where the
current directory is implicitly in your $PATH and windows may even run a
file with the extension `.bat` because of $PATHEXT.

So make sure that we are not trying to execute a file from the current
directory. If this would be the case, error out (for the zip and gzip)
plugins or silently do not run those commands (for the ftplugins).

This assumes, that only the current working directory is bad. For all
other directories, it is assumed that those directories were
intentionally set to the $PATH by the user.

Signed-off-by: Christian Brabandt <cb@256bit.org>

2023-08-31 23:52:30 +02:00

Viktor Szépe

3fc7a7e44a

runtime: Fix typos in various files

closes: #12836

Signed-off-by: Christian Brabandt <cb@256bit.org>
Co-authored-by: Viktor Szépe <viktor@szepe.net>

2023-08-23 21:20:00 +02:00

Bram Moolenaar

86b4816766

Update runtime files

2022-12-06 18:20:10 +00:00

3 Commits