Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!goanna.cs.rmit.edu.au!news.apana.org.au!cantor.edge.net.au!news.mira.net.au!news.vbc.net!vbcnet-west!knews.uk0.vbc.net!vbcnet-gb!azure.xara.net!xara.net!netcom.net.uk!ix.netcom.com!news.idt.net!cam-news-hub1.bbnplanet.com!news.bbnplanet.com!news.maxwell.syr.edu!news.cis.ohio-state.edu!nntp.sei.cmu.edu!bb3.andrew.cmu.edu!andrew.cmu.edu!sumner+
From: Gerry S Hayes <sumner@CMU.EDU>
Newsgroups: comp.editors,comp.unix.bsd.misc,comp.os.linux.misc
Subject: Re: What is vi? (Re: Betting on Unix)
Date: Mon, 17 Mar 1997 01:40:44 -0500
Organization: Carnegie Mellon, Pittsburgh, PA
Lines: 25
Distribution: inet
Message-ID: <0n=CRg200YUg18wEg0@andrew.cmu.edu>
References: <5d3sr2$44n@nntp1.best.com> <330B2333.38B6@to.me.please> <5ehglc$lef@innocence.interface-business.de> <330EF0FF.55CE@to.me.please> <5esial$eit@innocence.interface-business.de> <5esunl$9bv@web.nmti.com> <3313B49A.2B42@ibm.net> <331b5865.0@131.162.2.91> <857531709.6661.1@msn-9-16.binc.net> <331D71A4.556B@absyss.fr> <5fto1u$jde$2@peachy.apana.org.au> <pdxvi6z9x8j.fsf_-_@vesuri.Helsinki.FI> <0n_vIm200YUf0Q5OA0@andrew.cmu.edu> <5ggpcj$5sd@clarknet.clark.net> <0n=6zb200YUg0F3Lk0@andrew.cmu.edu> <5ght26$o3i@clarknet.clark.net>
NNTP-Posting-Host: po8.andrew.cmu.edu
In-Reply-To: <5ght26$o3i@clarknet.clark.net>
Xref: euryale.cc.adfa.oz.au comp.editors:22345 comp.unix.bsd.misc:2827 comp.os.linux.misc:164908

T.E.Dickey <dickey@clark.net> writes:
> but (not to belabor the issue) not all "traditional" vi's implement
> modelines.
>

Fair enough. Still, it's annoying to see a useful feature abandoned
because it can prevent a security risk if used improperly or
implemented poorly.

> (It's a low-priority wishlist item for vile; but I intend only to be
> able to set tabstops, etc. -- invoking shell commands is the part that
> causes people concern).

Make sure that you can't set options that will harm the user (set
shell=/tmp/rm-home-directory, for instance) if some modelinesecure
option is set. Also, make it possible to execute modelines only on
files that the user owns. There are some real security issues here to
consider. Elvis has taken a look at some of these issues.

Cordially,
Sumner
--
Respond by post or email, but please don't do both; my mailbox is
already quite full.
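
The two checks suggested in the post above (an option allowlist under a "modelinesecure" setting, and honouring modelines only in files the user owns), as an added example that is not part of the original post and is not code from vile, Elvis or any other editor. The modeline syntax is a simplified assumption, and every name in it (SAFE_OPTIONS, parse_modeline, owned_by_user, modeline_settings) is hypothetical.

```python
import os
import re
import stat

# Options a modeline may set in secure mode (constructed allowlist: layout only,
# nothing that names a program or a file). All names here are hypothetical.
SAFE_OPTIONS = {"tabstop", "ts", "shiftwidth", "sw", "wrapmargin", "wm",
                "autoindent", "ai", "noautoindent", "noai"}

# Assumed simplified syntax: "vi: set ts=8 sw=4:" or "ex: set noai:" in a line.
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|ex):\s*set?\s+([^:]*):")

def parse_modeline(line):
    """Return [(option, value-or-None), ...]; [] if the line has no modeline."""
    m = MODELINE_RE.search(line)
    if not m:
        return []
    pairs = []
    for word in m.group(1).split():
        name, _, value = word.partition("=")
        pairs.append((name, value or None))
    return pairs

def owned_by_user(path):
    """True only for a regular file owned by the invoking user."""
    st = os.stat(path)  # follows symlinks, so the file actually read is checked
    return stat.S_ISREG(st.st_mode) and st.st_uid == os.getuid()

def modeline_settings(path, secure=True, scan=5):
    """Scan the first and last `scan` lines; return (accepted, rejected)."""
    if secure and not owned_by_user(path):
        return {}, []  # someone else's file: ignore its modelines entirely
    with open(path, errors="replace") as f:
        lines = f.read().splitlines()
    candidates = lines[:scan] + lines[scan:][-scan:]
    accepted, rejected = {}, []
    for line in candidates:
        for name, value in parse_modeline(line):
            # Safe options take no value or a plain number, nothing else.
            bad_value = value is not None and not value.isdigit()
            if secure and (name not in SAFE_OPTIONS or bad_value):
                rejected.append(name)
            else:
                accepted[name] = value
    return accepted, rejected
```

With secure=False the function returns whatever the file asks for, including shell=, which is the behaviour the post warns about.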