svn commit: trunk/busybox/editors

vda at busybox.net vda at busybox.net
Mon Dec 18 16:29:24 PST 2006 

Author: vda
Date: 2006-12-18 16:29:22 -0800 (Mon, 18 Dec 2006)
New Revision: 17001

Log:
Add option to disable command execution from vi & awk


Modified:
   trunk/busybox/editors/Config.in
   trunk/busybox/editors/awk.c
   trunk/busybox/editors/vi.c


Changeset:
Modified: trunk/busybox/editors/Config.in
===================================================================
--- trunk/busybox/editors/Config.in	2006-12-19 00:20:20 UTC (rev 17000)
+++ trunk/busybox/editors/Config.in	2006-12-19 00:29:22 UTC (rev 17001)
@@ -127,5 +127,12 @@
 	  This will make the cursor movement faster, but requires more memory
 	  and it makes the applet a tiny bit larger.
 
+config FEATURE_ALLOW_EXEC
+	bool "Allow vi and awk to execute shell commands"
+	default y
+	depends on VI || AWK
+	help
+	  Enables vi and awk features which allows user to execute
+	  shell commands (using system() C call).
+
 endmenu
-

Modified: trunk/busybox/editors/awk.c
===================================================================
--- trunk/busybox/editors/awk.c	2006-12-19 00:20:20 UTC (rev 17000)
+++ trunk/busybox/editors/awk.c	2006-12-19 00:29:22 UTC (rev 17001)
@@ -2378,7 +2378,8 @@
 
 			  case F_sy:
 				fflush(NULL);
-				R.d = (L.s && *L.s) ? (system(L.s) >> 8) : 0;
+				R.d = (ENABLE_FEATURE_ALLOW_EXEC && L.s && *L.s)
+						? (system(L.s) >> 8) : 0;
 				break;
 
 			  case F_ff:

Modified: trunk/busybox/editors/vi.c
===================================================================
--- trunk/busybox/editors/vi.c	2006-12-19 00:20:20 UTC (rev 17000)
+++ trunk/busybox/editors/vi.c	2006-12-19 00:29:22 UTC (rev 17001)
@@ -660,7 +660,9 @@
 			dot = find_line(b);	// what line is #b
 			dot_skip_over_ws();
 		}
-	} else if (strncmp((char *) cmd, "!", 1) == 0) {	// run a cmd
+	}
+#if ENABLE_FEATURE_ALLOW_EXEC
+	else if (strncmp((char *) cmd, "!", 1) == 0) {	// run a cmd
 		// :!ls   run the <cmd>
 		(void) alarm(0);		// wait for input- no alarms
 		place_cursor(rows - 1, 0, FALSE);	// go to Status line
@@ -670,7 +672,9 @@
 		rawmode();
 		Hit_Return();			// let user see results
 		(void) alarm(3);		// done waiting for input
-	} else if (strncmp((char *) cmd, "=", i) == 0) {	// where is the address
+	}
+#endif
+	else if (strncmp((char *) cmd, "=", i) == 0) {	// where is the address
 		if (b < 0) {	// no addr given- use defaults
 			b = e = count_lines(text, dot);
 		}

More information about the busybox-cvs mailing list