Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10 3/23/84; site cbosgd.UUCP Path: utzoo!watmath!clyde!burl!we13!ihnp4!cbosgd!mark From: mark@cbosgd.UUCP (Mark Horton) Newsgroups: net.bugs.4bsd,net.unix Subject: mode lines in vi Message-ID: <1281@cbosgd.UUCP> Date: Wed, 18-Apr-84 10:43:39 EST Article-I.D.: cbosgd.1281 Posted: Wed Apr 18 10:43:39 1984 Date-Received: Thu, 19-Apr-84 04:04:01 EST Organization: AT&T Bell Laboratories, Columbus Lines: 32 It has recently been pointed out that the mode line feature of vi can cause some problems, among them a potentially serious security breach. Clearly a change needs to be made. I'd like input from the user community about what change to make. If you're wondering what mode lines are, let me summarize. They allow you to embed a line in the first or last 5 lines of a file that automatically do certain ex commands every time you read in the file. For example, you may want to set certain modes or set up certain macros. The lines must contain vi: or ex:, then the commands, then a trailing :. The context does not matter, so you can enclose them in a comment. For example: /* vi: set autoindent tabstop=4 shiftwidth=4|map! { ^V{^M^D}^[O^I: */ This idea is based upon a similar (but less general) feature in EMACS. Due to an oversight, mode lines were never documented. People are starting to point out that the passwd file might have a user name ending in vi or ex, resulting in garbage. And there is a security problem here involving the ! command. There is also a bug which causes vi to hang if you use a + command line option on a file containing a mode line. And it is possible to create a file which cannot be edited if you work at it a little. The question is, what to do about it. Since mode lines were never documented, it's probably safe to delete them. But I never like to delete features without consulting the users to see what the impact would be. If people out there are actually using this feature (or would like to), I'd appreciate knowing what you use it for, and any suggestions on how to restrict it to be safe, and guard it to prevent accidental invocation by passwd files. Mark Horton