patch 8.2.4282: restricted mode requires the -Z command line option

Problem:    Restricted mode requires the -Z command line option.
Solution:   Use restricted mode when $SHELL ends in "nologin" or "false".
            (closes #9681)

diff --git a/runtime/doc/starting.txt b/runtime/doc/starting.txt
index f56baf6bc751259b36de95e13197f5cd4e8da68e..bca2f9704210deaf73246b6b2e955cee89ef5b24 100644 (file)
--- a/runtime/doc/starting.txt
+++ b/runtime/doc/starting.txt
@@ -256,6 +256,8 @@ a slash.  Thus "-R" means recovery and "-/R" readonly.
                Interfaces, such as Python, Ruby and Lua, are also disabled,
                since they could be used to execute shell commands.  Perl uses
                the Safe module.
+               For Unix restricted mode is used when the last part of $SHELL
+               is "nologin" or "false".
                Note that the user may still find a loophole to execute a
                shell command, it has only been made difficult.
 

diff --git a/src/option.c b/src/option.c
index 339ea4299692c8646dd2c5b31b3e97bf69d3c509..03274a432cc3751053f7abfaa39e4a816ec94e02 100644 (file)
--- a/src/option.c
+++ b/src/option.c
@@ -307,6 +307,17 @@ set_init_1(int clean_arg)
      */
     set_options_default(0);
 
+#ifdef UNIX
+    // Force restricted-mode on for "nologin" or "false" $SHELL
+    p = get_isolated_shell_name();
+    if (p != NULL)
+    {
+       if (fnamecmp(p, "nologin") == 0 || fnamecmp(p, "false") == 0)
+           restricted = TRUE;
+       vim_free(p);
+    }
+#endif
+
 #ifdef CLEAN_RUNTIMEPATH
     if (clean_arg)
     {

diff --git a/src/testdir/test_restricted.vim b/src/testdir/test_restricted.vim
index 22ca2f80c19cce802ebf5f72ab0f5312b18f52c0..f743fbf3e495f0ad8a35feb29ddfcf8cd11bb4ad 100644 (file)
--- a/src/testdir/test_restricted.vim
+++ b/src/testdir/test_restricted.vim
@@ -105,6 +105,14 @@ func Test_restricted_mode()
   if RunVim([], [], '-Z --clean -S Xrestricted')
     call assert_equal([], readfile('Xresult'))
   endif
+  call delete('Xresult')
+  if has('unix') && RunVimPiped([], [], '--clean -S Xrestricted', 'SHELL=/bin/false ')
+    call assert_equal([], readfile('Xresult'))
+  endif
+  call delete('Xresult')
+  if has('unix') && RunVimPiped([], [], '--clean -S Xrestricted', 'SHELL=/sbin/nologin')
+    call assert_equal([], readfile('Xresult'))
+  endif
 
   call delete('Xrestricted')
   call delete('Xresult')

diff --git a/src/version.c b/src/version.c
index d8b3d4b7f50e17823191dfba27aca30c04ebd422..b96637f152abdb61a7f0a652b982edcadd6f795e 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -746,6 +746,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    4282,
 /**/
     4281,
 /**/