Search code examples
vimmacrostrojanlatex-suite

Trojan in vim's latex_suite?

I was going through some code for latex_suite called vim_latex (http://vim-latex.sourceforge.net/) and I found few interesting lines in the file called "templates.vim":

" Back-Door to trojans !!!
 function! <SID>Compute(what)
     exe a:what
     if exists('s:comTemp')
         return s:comTemp.s:comTemp
     else
         return ''
     endif
endfunction

Well, I'm not an expert on vim code, so I cannot interpret these lines except for the comment that freak me up a bit. Do you guys have an idea about what is happening ?

Edit: The function seems to be called only by the following one:

" ProcessTemplate: processes the special characters in template file. {{{
"                  This implementation follows from Gergely Kontra's
"                  mu-template.vim
"                  http://vim.sourceforge.net/scripts/script.php?script_id=222
function! <SID>ProcessTemplate()
  if exists('s:phsTemp') && s:phsTemp != ''
    exec 'silent! %s/^'.s:comTemp.'\(\_.\{-}\)'.s:comTemp.'$/\=<SID>Compute(submatch(1))/ge'
    exec 'silent! %s/'.s:exeTemp.'\(.\{-}\)'.s:exeTemp.'/\=<SID>Exec(submatch(1))/ge'
    exec 'silent! g/'.s:comTemp.s:comTemp.'/d'  
    " A function only puts one item into the search history...
    call Tex_CleanSearchHistory()
  endif
endfunction

According to the header file description, the aim of these functions is to handle templates located into a specific directory.

Solution

  • I think the comment is intended as a warning. The function <SID>ProcessTemplate() goes through a template file, looks for certain (configurable) patterns, and calls <SID>Compute(what) where the argument what is text extracted from the template. Note the line :exe a:what.

    If you install a template file from an untrusted source, then bad things can happen.

    Of course, if you install a vim plugin from an untrusted source, equally bad things can happen. Putting malware in a template file adds a few levels of indirection, making it harder to implement and harder to diagnose.

    It is possible that this code was written before the :sandbox command was added to vim, and that might be an easy way to make this code safer. I have not looked at what is allowed in the sandbox and compared it to the intended use of this template processing.