Trojan horse newsreader FIX

Arthur David Olson ado at elsie.UUCP
Sat Dec 10 09:20:17 AEST 1988 

> Here is a fix for the newsreader trojan horse I posted last week.
> Change your newsreader to do:
> 
> /full/path/vi '+set nomodeline' filename
> 
> ...whenever it will invoke vi (or ex)
> 
> The '+set nomodeline' happens after the .exrc and EXINIT stuff,
> and will prevent vi commands from executing.  However, a strange
> side-effect seems to lock up vi iff:

At least on our MORE/bsd 4.3 system, the order of operations in vi is to
	1)  do the commands in the environment variable EXINIT if EXINIT is
	    set and non-empty (it's "empty" if you've used a command such as
		EXINIT=""
	    to set the EXINIT environment variable);
	2)  do the commands in the file "~/.exrc" if EXINIT is not set
	    (or is empty), and if "~/.exrc" is present;
	3)  do the commands in ".exrc" if ".exrc" is present;
	4)  do the "modeline" commands in the file being edited (if the
	    editor "modeline" variable is set);
	5)  do the commands given by the "+..." command line argument.
So, at least on our system, the fix suggested above fails to cure the problem
since "modeline" is only turned off after the commands in the file being edited
have been performed.

On *any* system, handling things in the news reading software seems less
than best since it addresses the symptom rather than the underlying problem.
To do the latter, and to have "modeline" set when you run "vi":
	1)  take the "set modeline" command out of your "~.exrc" file; and
	2)  establish a "vi" alias along these lines (ksh form is given here):
		alias vi='EXINIT="so ~/.exrc|set modeline" vi'
This way, when you yourself explicitly run vi under the auspices of your shell,
"modeline" will be turned on; when a program starts vi for you, "modeline"
will be turned off* (since the program will be executing vi directly, rather
than using the alias).  And you can avoid putting vi-specific code in news
readers (and other software) that might not work for folks using other editors.
-- 
*Modulo a ".exrc" file in the current directory that sets "modeline".
-- 
Vi is a trademark of Patrick McGoohan.
-- 
	Arthur David Olson    ado at ncifcrf.gov    ADO is a trademark of Ampex.

More information about the Comp.unix.wizards mailing list