Date: Mon, 19 Jul 2004 15:15:04 +0200 From: Jilles Tjoelker <jilles@stack.nl> To: Jose de Paula <espinafre@gmail.com> Cc: freebsd-hackers@freebsd.org Subject: Re: [PATCH] basic modelines for contrib/nvi Message-ID: <20040719131503.GA12222@stack.nl> In-Reply-To: <5ef8c2f0040718144648b49ff6@mail.gmail.com> References: <5ef8c2f004071419517bdc9f3e@mail.gmail.com> <20040718135541.GA28115@gothmog.gr> <5ef8c2f0040718144648b49ff6@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Jul 18, 2004 at 06:46:34PM -0300, José de Paula wrote: > > On 2004-07-14 23:51, Jos? de Paula <espinafre@gmail.com> wrote: > > > I hacked together this little patch to contrib/nvi to make it support > > > simple modelines. [snip] > So, what do you think about it, overall? This patch recognizes one and > only one modeline, and runs it. Should we look for all possible > modelines and run all of them? In this case, in what order should we > check for them? Probably, but keep it limited to the first and last 5 lines of the file (in vim, the value 5 is customizable). > And, concerning the security, what are the implications of this patch? > I cannot see any obvious blunder, so if you find anyone please let me > know. There are some options which can pose a security risk, including but not limited to cdpath, tempdir, path and shell. You should make a list of "safe" options and only allow those in modelines. -- Jilles Tjoelker
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040719131503.GA12222>