[PATCH] basic modelines for contrib/nvi
Jilles Tjoelker
jilles at stack.nl
Mon Jul 19 06:15:06 PDT 2004
On Sun, Jul 18, 2004 at 06:46:34PM -0300, José de Paula wrote:
> > On 2004-07-14 23:51, Jos? de Paula <espinafre at gmail.com> wrote:
> > > I hacked together this little patch to contrib/nvi to make it support
> > > simple modelines. [snip]
> So, what do you think about it, overall? This patch recognizes one and
> only one modeline, and runs it. Should we look for all possible
> modelines and run all of them? In this case, in what order should we
> check for them?
Probably, but keep it limited to the first and last 5 lines of the file
(in vim, the value 5 is customizable).
> And, concerning the security, what are the implications of this patch?
> I cannot see any obvious blunder, so if you find anyone please let me
> know.
There are some options which can pose a security risk, including but not
limited to cdpath, tempdir, path and shell. You should make a list of
"safe" options and only allow those in modelines.
--
Jilles Tjoelker
More information about the freebsd-hackers
mailing list