Xref: utzoo comp.unix.questions:9925 comp.bugs.sys5:641
Path: utzoo!yunexus!geac!syntron!jtsv16!uunet!auspex!guy
From: guy@auspex.UUCP (Guy Harris)
Newsgroups: comp.unix.questions,comp.bugs.sys5
Subject: Re: vi `ei:' (`modeline')
Keywords: Know what your doing
Message-ID: <299@auspex.UUCP>
Date: 25 Oct 88 16:22:59 GMT
Article-I.D.: auspex.299
References: <3394@dunkshot.mips.COM> <1235@cbnews.ATT.COM> <13215@hqda-ai.ARPA> <1857@loral.UUCP> <7057@ki4pv.uucp>
Reply-To: guy@auspex.UUCP (Guy Harris)
Organization: Auspex Systems, Santa Clara
Lines: 14

>) I want [modelines] on 95% of the time.  Yes, I know its a security
>) hole.  But it's such a damned useful little hole.....
>
>The clever thing to do, then, would be to close the security hole.
>Refuse to pass "!" commands from modelines.  Leave the useful
>functionality (file configures editor properly) in place.

*AND* provide some way for a user to shut modelines OFF, just in case
they DON'T like getting surprised by random commands being executed by
the editor just because a character sequence that looks like a modeline
happens to be in the file....  (Both 4.3BSD and S5R3 provide this;
there's an option that has to be "on" in order for "ex"/"vi" to
recognize modelines.  Unfortunately, 4.3BSD calls it "modeline" and S5R3
calls it "modelines"....)