mode lines in vi
Mark Horton
mark at cbosgd.UUCP
Thu Apr 19 01:43:39 AEST 1984
It has recently been pointed out that the mode line feature of vi can
cause some problems, among them a potentially serious security breach.
Clearly a change needs to be made. I'd like input from the user
community about what change to make.
If you're wondering what mode lines are, let me summarize. They allow
you to embed a line in the first or last 5 lines of a file that automatically
do certain ex commands every time you read in the file. For example, you
may want to set certain modes or set up certain macros. The lines must
contain vi: or ex:, then the commands, then a trailing :. The context does
not matter, so you can enclose them in a comment. For example:
/* vi: set autoindent tabstop=4 shiftwidth=4|map! { ^V{^M^D}^[O^I: */
This idea is based upon a similar (but less general) feature in EMACS.
Due to an oversight, mode lines were never documented.
People are starting to point out that the passwd file might have a user
name ending in vi or ex, resulting in garbage. And there is a security
problem here involving the ! command. There is also a bug which causes
vi to hang if you use a + command line option on a file containing a mode
line. And it is possible to create a file which cannot be edited if you
work at it a little.
The question is, what to do about it. Since mode lines were never documented,
it's probably safe to delete them. But I never like to delete features without
consulting the users to see what the impact would be. If people out there
are actually using this feature (or would like to), I'd appreciate knowing
what you use it for, and any suggestions on how to restrict it to be safe,
and guard it to prevent accidental invocation by passwd files.
Mark Horton
More information about the Comp.bugs.4bsd.ucb-fixes
mailing list