diff --git a/runtime/doc/starting.txt b/runtime/doc/starting.txt
index f56baf6bc7..bca2f97042 100644
--- a/runtime/doc/starting.txt
+++ b/runtime/doc/starting.txt
@@ -256,6 +256,8 @@ a slash. Thus "-R" means recovery and "-/R" readonly.
 Interfaces, such as Python, Ruby and Lua, are also disabled, since they could be used to execute shell commands. Perl uses the Safe module.
+ For Unix restricted mode is used when the last part of $SHELL
+ is "nologin" or "false".
 Note that the user may still find a loophole to execute a shell command, it has only been made difficult.
diff --git a/src/option.c b/src/option.c
index 339ea42996..03274a432c 100644
--- a/src/option.c
+++ b/src/option.c
@@ -307,6 +307,17 @@ set_init_1(int clean_arg)
 */
 set_options_default(0);
+#ifdef UNIX
+ // Force restricted-mode on for "nologin" or "false" $SHELL
+ p = get_isolated_shell_name();
+ if (p != NULL)
+ {
+ if (fnamecmp(p, "nologin") == 0 || fnamecmp(p, "false") == 0)
+ restricted = TRUE;
+ vim_free(p);
+ }
+#endif
+
 #ifdef CLEAN_RUNTIMEPATH
 if (clean_arg)
 {
diff --git a/src/testdir/test_restricted.vim b/src/testdir/test_restricted.vim
index 22ca2f80c1..f743fbf3e4 100644
--- a/src/testdir/test_restricted.vim
+++ b/src/testdir/test_restricted.vim
@@ -105,6 +105,14 @@ func Test_restricted_mode()
 if RunVim([], [], '-Z --clean -S Xrestricted')
 call assert_equal([], readfile('Xresult'))
 endif
+ call delete('Xresult')
+ if has('unix') && RunVimPiped([], [], '--clean -S Xrestricted', 'SHELL=/bin/false ')
+ call assert_equal([], readfile('Xresult'))
+ endif
+ call delete('Xresult')
+ if has('unix') && RunVimPiped([], [], '--clean -S Xrestricted', 'SHELL=/sbin/nologin')
+ call assert_equal([], readfile('Xresult'))
+ endif
 call delete('Xrestricted')
 call delete('Xresult')
diff --git a/src/version.c b/src/version.c
index d8b3d4b7f5..b96637f152 100644
--- a/src/version.c
+++ b/src/version.c
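Review bot: The check added to set_init_1() turns restricted mode on from `$SHELL`, which is an environment variable set by whoever launches Vim, so it only holds where the user cannot influence the environment; the account's login shell is not consulted in the visible lines. If the intent is to confine accounts whose login shell is nologin/false, consider also comparing the tail of `getpwuid(getuid())->pw_shell`, and in any case state the limit in the comment, e.g. `// $SHELL comes from the environment: a convenience default, not a security boundary`. The block also fails open: when get_isolated_shell_name() returns NULL (presumably an allocation failure) it is skipped and `restricted` keeps its previous value. The declaration of `p` and the rest of set_init_1() are outside the hunk, so the ordering relative to later option and argument handling could not be checked.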
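Review bot: The two added RunVimPiped() calls pass differently shaped prefixes: `'SHELL=/bin/false '` ends in a space and `'SHELL=/sbin/nologin'` does not. Depending on how RunVimPiped() joins the prefix to the Vim command (not visible here), one of the two may not set the variable as intended. Both assertions sit inside `if has('unix') && RunVimPiped(...)`, so a run that fails to start passes without checking anything, as in the existing `-Z` case above. A negative case with an ordinary shell value, asserting the opposite outcome, would show that it is the shell name that switches restriction on. Test_restricted_mode() starts and ends outside the hunk.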
@@ -746,6 +746,8 @@ static char *(features[]) =
 static int included_patches[] = { /* Add new patch number below this line */
+/**/
+ 4282,
 /**/
 4281,
 /**/