Trojan horse possible with news readers
Joseph S. D. Yao
jsdy at hadron.UUCP
Sat Dec 3 02:38:05 AEST 1988
In article <6775 at rosevax.Rosemount.COM> merlyn at ernie.rosemount.com writes:
> ... some versions of vi will execute
>commands if it sees a line (near the top or bottom of a file)
>of the form <e><x><:><command><:>
System V Release 3 has a "modelines" attribute, which defaults to
"nomodelines". This is a Very Good Idea (defaulting to off).
I have added other necessary fixes. The check is, roughly, to find
the first ':' and then check for the previous two characters' match
with "ex" or "vi". The necessary fixes are:
(1) Check that the ':' is not one of the first two
characters, otherwise you will be checking against
non-existent characters on that line.
(2) Check that either the ':' is exactly the third
character on the line, or that the third character
back isspace(). Otherwise, lines like:
levi:PASSWORD DELETED:Dolly Levi of Upstate NY:/usr/levi:/match
will trigger the "feature".
Joe Yao uunet!hadron!jsdy
More information about the Comp.unix.wizards
mailing list