patch 8.2.4282: restricted mode requires the -Z command line option
Problem: Restricted mode requires the -Z command line option.
Solution: Use restricted mode when $SHELL ends in "nologin" or "false".
(closes #9681)
diff --git a/src/option.c b/src/option.c
index 339ea42..03274a4 100644
--- a/src/option.c
+++ b/src/option.c
@@ -307,6 +307,17 @@
*/
set_options_default(0);
+#ifdef UNIX
+ // Force restricted-mode on for "nologin" or "false" $SHELL
+ p = get_isolated_shell_name();
+ if (p != NULL)
+ {
+ if (fnamecmp(p, "nologin") == 0 || fnamecmp(p, "false") == 0)
+ restricted = TRUE;
+ vim_free(p);
+ }
+#endif
+
#ifdef CLEAN_RUNTIMEPATH
if (clean_arg)
{
diff --git a/src/testdir/test_restricted.vim b/src/testdir/test_restricted.vim
index 22ca2f8..f743fbf 100644
--- a/src/testdir/test_restricted.vim
+++ b/src/testdir/test_restricted.vim
@@ -105,6 +105,14 @@
if RunVim([], [], '-Z --clean -S Xrestricted')
call assert_equal([], readfile('Xresult'))
endif
+ call delete('Xresult')
+ if has('unix') && RunVimPiped([], [], '--clean -S Xrestricted', 'SHELL=/bin/false ')
+ call assert_equal([], readfile('Xresult'))
+ endif
+ call delete('Xresult')
+ if has('unix') && RunVimPiped([], [], '--clean -S Xrestricted', 'SHELL=/sbin/nologin')
+ call assert_equal([], readfile('Xresult'))
+ endif
call delete('Xrestricted')
call delete('Xresult')
diff --git a/src/version.c b/src/version.c
index d8b3d4b..b96637f 100644
--- a/src/version.c
+++ b/src/version.c
@@ -747,6 +747,8 @@
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 4282,
+/**/
4281,
/**/
4280,