-
-
Notifications
You must be signed in to change notification settings - Fork 5.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
remove -Z ("restricted" mode) #11972
Comments
One use case is for vimgolf, where |
@dstein64 does vimgolf rely anything allowed in restricted mode but disabled in the sandbox? because otherwise it could use the sandbox (I don't like sandbox either, but we won't do anything about it except doc updates possibly for 0.5) |
The documentation for
In case the sandbox would be feasible, is there some way to run Neovim such that all commands are run through the sandbox? |
Followup to #11929 (comment) :
-Z
is a fake-secure mode that behaves slightly differently than "sandbox" mode. It sprinkles more whack-a-mole "secure" code in various places.Does anyone actually use
-Z
? Where/why is it useful?It's fragile to expect applications like N/Vim to plug all potential vectors for eval/shell/etc. For secure scenarios, OS permissions should be used instead.
The text was updated successfully, but these errors were encountered: