Path: utzoo!utgpu!attcan!uunet!lll-winken!csd4.milw.wisc.edu!indri!eta!nic.MR.NET!shamash!sialis!icus!lenny From: lenny@icus.islp.ny.us (Lenny Tropiano) Newsgroups: unix-pc.sources Subject: Re: Need vi modeline patch... Summary: ... Here's the source, again ... Message-ID: <670@icus.islp.ny.us> Date: 14 Apr 89 00:14:33 GMT References: <506@flatline.UUCP> Reply-To: lenny@icus.islp.ny.us (Lenny Tropiano) Followup-To: unix-pc.general Distribution: unix-pc Organization: ICUS Software Systems, Islip, New York Lines: 213 In article <506@flatline.UUCP> erict@flatline.UUCP (J. Eric Townsend) writes: |> |> |>If you know where I can ftp it, that'd be fine, reposting it |>to unix-pc.sources might not be a bad idea, or just emailing it |>would do.. (I forsee followups of "me too".) |> Since this is small, and knowing that lots of people miss things the first time it comes through, I decided to repost this for Gil. Gil Kloepfer, Jr. (gil@limbic) developed this ditty that will binary patch "vi" to disable the very bad security flaw of the vi-modelines "feature" ... At least AT&T calls it a feature. -- cut here for the original posting information -- This patch disables the "modelines" option in the UNIX-pc version of vi. The option allows people to mail/post/give files which will execute shell commands if edited...and could cause havoc if abused. Most people never use the option, so disabling it is a viable alternative (to bugging AT&T to death). -- Gil Kloepfer, Jr. U-Net: {decuac,boulder,talcott,sbcs}!icus!limbic!gil ICUS Software Systems Voice: (516) 968-6860 [H] (516) 746-2350 x219 [W] P.O. Box 1 Internet: gil@icus.islp.ny.us Islip Terrace, NY 11752 "Life's a ... well, you know..." #! /bin/sh # This is a shell archive. Remove anything before this line, then unpack # it by saving it into a file and typing "sh file". To overwrite existing # files, type "sh file -c". You can also feed this as standard input via # unshar, or by typing "sh Makefile <<'END_OF_Makefile' X# X# Makefile to compile vifix.c (vi modeline elimination) X# (c)1988 ICUS Software Systems UUCP: ...icus!software X# XCFLAGS=-v -O XLDFLAGS=-s XLIBS=/lib/crt0s.o /lib/shlib.ifile X# Xvifix: vifix.o X @echo "Loading ..." X $(LD) $(LDFLAGS) -o vifix vifix.o $(LIBS) X @echo "Copying /usr/bin/vi to current directory ..." X @cp /usr/bin/vi . X @vifix X @echo "Save old version, and copy \"vi\" to /usr/bin" END_OF_Makefile if test 399 -ne `wc -c README <<'END_OF_README' Xvi/ex modeline feature disable patch ... Gil Kloepfer, ICUS Software Systems X---------------------------------------------------------------------------- X XThis program and its Makefile are used to disable the modeline feature in Xvi/ex which can inadvertantly allow malicious users to send "infected" files Xto privileged users and disrupt system activities. X XThe patch is applied by executing the makefile ($ make). The makefile will Xcompile the patch program, copy the vi editor executable file into your Xcurrent directory and apply the patch to this copy. You should then make Xa copy of the original vi editor, and copy the new one over the old one. X X # make X # cp /usr/bin/vi /usr/bin/vi.OLD X # cp ./vi /usr/bin/vi X XThanks to Lenny Tropiano for the makefile. Those who feel more comfortable Xapplying the patch without any makefiles, the procedure is as follows: X X # cc -v -o vifix vifix.c X # cd /usr/bin X # cp vi vi.OLD X # whatever-path/vifix X XThe vifix program will inform you if the version of vi you are fixing is Xsupported by the patch program. Note that this message will also appear if Xthe patch is already applied. X XYou can check to see if the patch really worked by editing the file X"modetest" with this shell archive with vi. If a bannered word prints Xout at all, the patch did not successfully take effect. X XAny further questions about the patch can be directed to Gil Kloepfer Xat ...icus!limbic!gil, gil@limbic.UUCP, or gil@icus.islp.ny.us END_OF_README if test 1465 -ne `wc -c modetest <<'END_OF_modetest' Xex:!banner "this": Xei:!banner "is": Xvx:!banner "a": Xvi:!banner "test": END_OF_modetest if test 71 -ne `wc -c vifix.c <<'END_OF_vifix.c' X/* X * vifix.c X * X * Program to patch UNIX-pc (3B1) "vi" editor so that the modeline X * function is disabled. X * X * By Gil Kloepfer, Jr., Lenny Tropiano ICUS Software Systems 11/26/1988 X * Permission granted to redistribute without profit in the public domain X * only. This header must remain in-tact as is. This program carries X * no warranties, express or implied, and all consequences resulting from X * the application of this patch are the sole responsibility of the user. X * X * Patch transforms the following byte pattern in vi -- this comment here X * so that this program could be adapted to a newer version of vi: X * X * From: X * 377 374 112 200 147 000 000 174 040 X * To: X * 377 374 116 161 140 000 000 174 040 X * X * This effectively skips over the modeline checking code in the editor. X */ X X#define NONCRYPT 26202L X#define CRYPT 26434L X X#include X Xmain() X{ X char buffer[3]; X int fd; X X if ((fd=open("vi",O_RDWR)) < 0) { X perror("open"); X exit(1); X } X X lseek(fd,NONCRYPT,0); /* check for ENHANCED EDITOR version */ X if (read(fd,buffer,3) != 3) { X perror("read"); X exit(1); X } X X if ((int)buffer[0] != 0112 && X (int)buffer[1] != 0200 && X (int)buffer[2] != 0147) { X lseek(fd,CRYPT,0); /* check for ENCRYPTION SET version */ X if (read(fd,buffer,3) != 3) { X perror("read"); X exit(1); X } X if ((int)buffer[0] != 0112 && X (int)buffer[1] != 0200 && X (int)buffer[2] != 0147) { X printf("Version of vi not valid for this patch.\n"); X exit(1); X } X } X X lseek(fd,-3L,1); /* back up pointer 3 bytes */ X buffer[0]=(char)0116; X buffer[1]=(char)0161; X buffer[2]=(char)0140; X write(fd,buffer,3); X X close(fd); X printf("vi modeline elimination patch successfully applied\n"); X exit(0); X} END_OF_vifix.c if test 1745 -ne `wc -c