1

I was going through some code for latex_suite called vim_latex (http://vim-latex.sourceforge.net/) and I found few interesting lines in the file called "templates.vim":

" Back-Door to trojans !!!
 function! <SID>Compute(what)
     exe a:what
     if exists('s:comTemp')
         return s:comTemp.s:comTemp
     else
         return ''
     endif
endfunction

Well, I'm not an expert on vim code, so I cannot interpret these lines except for the comment that freak me up a bit. Do you guys have an idea about what is happening ?

Edit: The function seems to be called only by the following one:

" ProcessTemplate: processes the special characters in template file. {{{
"                  This implementation follows from Gergely Kontra's
"                  mu-template.vim
"                  http://vim.sourceforge.net/scripts/script.php?script_id=222
function! <SID>ProcessTemplate()
  if exists('s:phsTemp') && s:phsTemp != ''
    exec 'silent! %s/^'.s:comTemp.'\(\_.\{-}\)'.s:comTemp.'$/\=<SID>Compute(submatch(1))/ge'
    exec 'silent! %s/'.s:exeTemp.'\(.\{-}\)'.s:exeTemp.'/\=<SID>Exec(submatch(1))/ge'
    exec 'silent! g/'.s:comTemp.s:comTemp.'/d'  
    " A function only puts one item into the search history...
    call Tex_CleanSearchHistory()
  endif
endfunction

According to the header file description, the aim of these functions is to handle templates located into a specific directory.

PersianGulf
  • 2,845
  • 6
  • 47
  • 67
Matt
  • 162
  • 2
  • 11
  • without reading other codes, the function seems to be ok, it executes `what`, which should be an `ex` command. and return a string. (empty or repeat `s:comTemp`). you may want to look for where the function was invoked. – Kent Mar 14 '14 at 14:20
  • 1
    I'm pretty sure most backdoors aren't labeled "backdoor"... Which is exactly what somebody injecting a backdoor would think. Classic misdirection. – user229044 Mar 14 '14 at 14:44
  • Thank you guys for the answer. @meagar : you are right... would be such a fail from a craker... – Matt Mar 14 '14 at 15:05

1 Answers1

1

I think the comment is intended as a warning. The function <SID>ProcessTemplate() goes through a template file, looks for certain (configurable) patterns, and calls <SID>Compute(what) where the argument what is text extracted from the template. Note the line :exe a:what.

If you install a template file from an untrusted source, then bad things can happen.

Of course, if you install a vim plugin from an untrusted source, equally bad things can happen. Putting malware in a template file adds a few levels of indirection, making it harder to implement and harder to diagnose.

It is possible that this code was written before the :sandbox command was added to vim, and that might be an easy way to make this code safer. I have not looked at what is allowed in the sandbox and compared it to the intended use of this template processing.

benjifisher
  • 5,054
  • 16
  • 18
  • Thank you for the answer. I now understand better what is being done: in the templates files, few lines include some code to be executed in order to obtain pieces of information (filename, creation date,...). Obviously, an unsafe template could include malware to be executed. – Matt Mar 14 '14 at 17:14