Date:      Mon, 12 Jul 2004 10:53:14 -0300
From:      José de Paula <espinafre@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: nvi and modelines
Message-ID:  <5ef8c2f00407120653b5ce881@mail.gmail.com>
In-Reply-To: <20040712130553.GC2863@cise.ufl.edu>
References:  <5ef8c2f004070819386673edbb@mail.gmail.com> <20040712130553.GC2863@cise.ufl.edu>

On Mon, 12 Jul 2004 09:05:53 -0400, N. Thomas <nthomas@cise.ufl.edu> wrote:
> * José de Paula <espinafre@gmail.com> [2004-07-08 23:38:22 -0300]:
> > The nvi manual page says that modelines will never be implemented.
> > Does anyone know the rationale behind this
> 
> Probably because it's a *huge* security risk. Modelines will cause vi to
> read commands from the file. Can you imagine what it could do in the
> wrong hands?
> 
Yes, I can imagine. The last thing we need is macro viruses in a text editor.
However, I believe (please prove me wrong) that restricting the possible
commands on a modeline only to arguments for :set (like vim does) doesn't pose
a security risk.

> Even Vim, preeminent among vi clones, uses only a "stripped down"
> modeline. From the online Vim manual:
> 
>     No other commands than "set" are supported, for security reasons
>     (somebody might create a Trojan horse text file with modelines).
> 
Yep, I saw that; I had this in mind when suggesting modelines for nvi. 
Actually I'm hacking a quick-and-dirty modeline implementation for nvi,
à la vim (i.e., only accept 'set ' arguments on the modeline). I will post it
somewhere (probably on Usenet, comp.editors) when it is at least compilable.

> Is there something that you want to do with modelines that you can't do
> in nvi?
> 
I can always use nvi -c 'commands', but I think it would be nice to have
automatic ts/sw/whatever settings according to the individual file I am editing.
Besides, this is more to increase nvi's compatibility with original vi
than anything else. Think of it as "art for art's sake"; for the
utility, we already have ${FAVORITE_EDITOR}.
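
An illustration of the restriction discussed in this message, added here and not code from the thread, from nvi or from Vim: a modeline parser that accepts only `set`, and within `set` only allowlisted numeric options with bounded values, applying nothing unless every token validates. The marker syntax handled (`vi:` or `ex:`, then `set ... :`), the option table and the function names are assumptions made for the example.

```c
#include <ctype.h>
#include <string.h>

/* Constructed allowlist (assumption): numeric options only, each bounded. */
static const struct { const char *name; int slot; long max; } allowed[] = {
    { "tabstop", 0, 64 }, { "ts", 0, 64 }, { "shiftwidth", 1, 64 }, { "sw", 1, 64 },
};
struct settings { long val[2]; };   /* [0] = tabstop, [1] = shiftwidth */

/* Validate one "name=digits" token into *out; 0 on success, -1 if rejected. */
static int apply_token(const char *tok, size_t len, struct settings *out)
{
    const char *eq = memchr(tok, '=', len);
    size_t nlen = eq ? (size_t)(eq - tok) : 0, vlen = eq ? len - nlen - 1 : 0;
    long v = 0;
    if (nlen == 0 || vlen == 0 || vlen > 3) return -1;
    for (size_t i = 1; i <= vlen; i++) {
        if (!isdigit((unsigned char)eq[i])) return -1;
        v = v * 10 + (eq[i] - '0');
    }
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (strlen(allowed[i].name) == nlen && !memcmp(tok, allowed[i].name, nlen)) {
            if (v < 1 || v > allowed[i].max) return -1;
            out->val[allowed[i].slot] = v;
            return 0;
        }
    return -1;   /* option is not on the allowlist */
}

/* Returns options applied, 0 if no modeline, -1 if rejected (all-or-nothing). */
int parse_modeline(const char *line, struct settings *out)
{
    struct settings tmp = *out;
    const char *p = line;
    int n = 0;
    while (*p && !((p == line || isspace((unsigned char)p[-1])) &&
                   (!strncmp(p, "vi:", 3) || !strncmp(p, "ex:", 3)))) p++;
    if (*p == '\0') return 0;
    for (p += 3; *p == ' '; p++) ;
    if (strncmp(p, "set ", 4) != 0) return -1;   /* any command but "set" */
    for (p += 4;; n++) {
        while (*p == ' ') p++;
        if (*p == ':') break;   /* closing colon ends the modeline */
        size_t len = strcspn(p, " :");
        if (len == 0 || apply_token(p, len, &tmp) != 0) return -1;
        p += len;
    }
    if (n > 0) *out = tmp;
    return n > 0 ? n : -1;
}
```

A caller would run `parse_modeline` over the first and last few lines of a file and treat `-1` as "ignore this modeline entirely".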


