vim/runtime/syntax/gpg.vim at 026b17404aa3b6e01c4ee5f14a174f33c53f4401

thac0/vim

Files

Christian Brabandt 6d91227267 runtime(gpg): Mark dangerous use-embedded-filename with WarningMsg

The syntax highlighter is likely to encourage people to use the listed
commands.

But `use-embedded-filename` is a dangerous option that can cause GnuPG
to write arbitrary data to arbitrary files whenever GnuPG encounters
malicious data.

GnuPG upstream explicitly warns against using this option:

https://dev.gnupg.org/T4500
https://dev.gnupg.org/T6972

However, since this is a valid option, we cannot just drop it from the
syntax script. Instead, let's mark it with the WarningMsg highlighting
to make it obvious, that this option is different (and should not be
used for security reasons).

closes: #13961

Co-authored-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Signed-off-by:  Christian Brabandt <cb@256bit.org>

2024-02-11 18:19:45 +01:00

8.3 KiB

Raw Blame History

View Raw

8.3 KiB Raw Blame History

8.3 KiB

Raw Blame History