Xref: utzoo news.sysadmin:1782 comp.unix.wizards:13110
Path: utzoo!utgpu!watmath!clyde!att!rutgers!ucsd!sdcsvax!ucsdhub!esosun!seismo!uunet!auspex!guy
From: guy@auspex.UUCP (Guy Harris)
Newsgroups: news.sysadmin,comp.unix.wizards
Subject: Re: Trojan horse possible with news readers
Message-ID: <566@auspex.UUCP>
Date: 2 Dec 88 18:26:23 GMT
References: <6775@rosevax.Rosemount.COM>
Reply-To: guy@auspex.UUCP (Guy Harris)
Organization: Auspex Systems, Santa Clara
Lines: 11

>The default editor is usually vi; some versions of vi will execute
>commands if it sees a line (near the top or bottom of a file)
>of the form <e><x><:><command><:>

Note that some versions of "ex"/"vi" can be told to ignore mode lines,
and both the 4.3BSD and S5R3 version appear to turn them off by default.
Any user who has turned them *on* (by saying "set modeline" in the
4.3BSD version, or "set modelines" in the S5R3 version), is vulnerable.

Note also that it will also accept lines of the form "vi:<command>:",
and some earlier versions also accept "ei" or "vx".