Commit
Problem: When setting 'filetype' there is no check for a valid name. Solution: Only allow valid characters in 'filetype', 'syntax' and 'keymap'.
Showing 3 changed files with 87 additions and 2 deletions.
d0b5138
Any PoC for this vuln?
@matlink
I put together a PoC:
works for me and a colleague, but it may depend on your vim (doesn't work for a friend of mine, trying to figure out why)
@matlink
The other machine where it doesn't work is Ubuntu 14.04 (so Debian-based). What we saw there was that channel and job were not enabled (no +channel or +job in feature list).
Successful on Fedora, Arch and FreeBSD 11.0-RELEASE-p1 (though tcsh is the default shell there, and the test payload above is for bash, so SHELL should be set to /usr/local/bin/bash, or the test payload should be tcsh compatible)
FreeBSD version:
Fedora version:
That's because I disable modelines by default in Debian (not just for root) and recommend using a plugin like securemodelines instead.
It has nothing to do with +channel or +job. You just need modelines enabled and syntax highlighting enabled.
Because you have an updated Vim which fixes the problem.
Yes, your vim has been fixed (Debian already provides a backported fix). Check your apt logfile for a recently updated Vim package.
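A defender-side check for the condition the commit message describes, as an added example (not code from this commit or from the Vim project): it scans the lines Vim would read as modelines and reports 'filetype', 'syntax' or 'keymap' values that contain characters outside an allowed set. The allowed set (ASCII letters, digits, '.', '-', '_'), the simplified modeline grammar, the function name and the sample text are assumptions made for illustration.

```python
import re

# Assumption: "valid characters" means ASCII letters, digits, '.', '-' and '_'.
VALID_NAME = re.compile(r"[A-Za-z0-9._-]*")
# Simplified modeline prefix: "vi:", "vim:", "Vim:" or "ex:" at the start of
# the line or after whitespace, optionally followed by "se " / "set ".
MODELINE = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<=>]?\d+)?|ex):\s*(?:set? )?(.*)")
# The three options named in the commit message, with their short forms.
# A value runs to the next unescaped whitespace or ':'.
OPTION = re.compile(r"\b(filetype|ft|syntax|syn|keymap|kmp)=((?:\\.|[^\s:\\])*)")
CHECKED_LINES = 5  # Vim's default 'modelines' value


def suspicious_modelines(text):
    """Return (line_no, option, value) for every modeline value with an invalid name."""
    lines = text.splitlines()
    n = len(lines)
    # Only the first and last CHECKED_LINES lines are read as modelines.
    head = set(range(min(CHECKED_LINES, n)))
    tail = set(range(max(0, n - CHECKED_LINES), n))
    findings = []
    for i in sorted(head | tail):
        m = MODELINE.search(lines[i])
        if not m:
            continue
        for opt, val in OPTION.findall(m.group(1)):
            if not VALID_NAME.fullmatch(val):
                findings.append((i + 1, opt, val))
    return findings


# Constructed sample file: line 1 is an ordinary modeline, line 2 carries two
# invalid names, line 8 is outside the scanned window, line 14 is valid.
SAMPLE = "\n".join(
    ["# vim: set ft=python ts=4 :", "# vim: syntax=c++ keymap=x\\ y"]
    + ["pass"] * 5 + ["# vim: ft=a/b"] + ["pass"] * 5 + ["# vim: ft=sh_2.x-y"]
)

if __name__ == "__main__":
    for line_no, opt, val in suspicious_modelines(SAMPLE):
        print(f"line {line_no}: {opt}={val!r} is not a valid name")
```

Run over a directory of untrusted files before opening them on a host whose Vim has not been updated, the findings list shows which files to inspect with modelines disabled.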