From owner-freebsd-hackers@FreeBSD.ORG  Mon Jul 19 13:15:06 2004
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1883F16A4CE
	for <freebsd-hackers@freebsd.org>;
	Mon, 19 Jul 2004 13:15:06 +0000 (GMT)
Received: from mailhost.stack.nl (vaak.stack.nl [131.155.140.140])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 670F443D4C
	for <freebsd-hackers@freebsd.org>;
	Mon, 19 Jul 2004 13:15:05 +0000 (GMT)	(envelope-from jilles@stack.nl)
Received: from snail.stack.nl (snail.stack.nl [IPv6:2001:610:1108:5010::131])
	by mailhost.stack.nl (Postfix) with ESMTP id 73A0E1F087;
	Mon, 19 Jul 2004 15:15:04 +0200 (CEST)
Received: by snail.stack.nl (Postfix, from userid 1677)
	id 5E9DC2286D; Mon, 19 Jul 2004 15:15:04 +0200 (CEST)
Date: Mon, 19 Jul 2004 15:15:04 +0200
From: Jilles Tjoelker <jilles@stack.nl>
To: Jose de Paula <espinafre@gmail.com>
Message-ID: <20040719131503.GA12222@stack.nl>
References: <5ef8c2f004071419517bdc9f3e@mail.gmail.com>
	<20040718135541.GA28115@gothmog.gr>
	<5ef8c2f0040718144648b49ff6@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <5ef8c2f0040718144648b49ff6@mail.gmail.com>
X-Operating-System: FreeBSD 5.2.1-RELEASE-p9 i386
User-Agent: Mutt/1.5.6i
X-Mailman-Approved-At: Tue, 20 Jul 2004 11:56:18 +0000
cc: freebsd-hackers@freebsd.org
Subject: Re: [PATCH] basic modelines for contrib/nvi
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Jul 2004 13:15:06 -0000

On Sun, Jul 18, 2004 at 06:46:34PM -0300, José de Paula wrote:
> > On 2004-07-14 23:51, Jos? de Paula <espinafre@gmail.com> wrote:
> > > I hacked together this little patch to contrib/nvi to make it support
> > > simple modelines. [snip]

> So, what do you think about it, overall? This patch recognizes one and
> only one modeline, and runs it. Should we look for all possible
> modelines and run all of them? In this case, in what order should we
> check for them?

Probably, but keep it limited to the first and last 5 lines of the file
(in vim, the value 5 is customizable).

> And, concerning the security, what are the implications of this patch?
> I cannot see any obvious blunder, so if you find anyone please let me
> know.

There are some options which can pose a security risk, including but not
limited to cdpath, tempdir, path and shell. You should make a list of
"safe" options and only allow those in modelines.

-- 
Jilles Tjoelker