Matthew Winn wrote:
I don't like the idea of preventing modelines over 100 bytes.

I imagine (haven't looked) that a modeline has no hard limit to
its length. So multi-megabyte modelines are probably handled by
Vim. That's potentially offering attackers extraordinary power.

Would someone who wants a modeline longer than 100 bytes please
show us an example. How about a 200-byte limit?

Modelines are enabled by default, and are very useful for things
like setting tabs. So most people, and all new installs, will
have modelines enabled. It's very poor security practice to
offer a rich auto-execution environment with a single line of
defence (the sandbox).

This discussion reminds me of the days of the Code Red
vulnerability in IIS (Microsoft web server), and of the
years of repeated vulnerabilities in Internet Explorer.

The IIS and IE developers just couldn't bring themselves to
build in limits to what their wonderful software could do.
"But a web site might need a 100KB URL with hundreds of '../'
paths!".

Furthermore, what am I supposed to do if I want a long,
complicated but legitimate modeline?

I would like a default "high security" setting for handling
modelines. If people want modelines that do complex stuff, I
would recommend setting a new "anything goes" option.

I like Perl's approach to untrustworthy data. It's flagged as
tainted at the point it is read, and anything derived from it
is also flagged as tainted.

Perl has to have that system because part of its intended usage
is to handle data entered into web pages. It's pretty complex
and has taken years to get right.

Vim is a text editor - it should not automatically execute code
in any old file that I might accidentally open.

John
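An audit sketch for the question raised in this message, added here and not part of the original post or of Vim: it lists candidate modelines in a file and flags those over a byte limit. The marker regex is a simplified approximation of Vim's detection, and measuring length from the marker to the end of the line is an assumption, since the thread does not define how the 100 bytes would be counted.

```python
import re
import sys

# Simplified approximation of Vim's modeline marker (assumption, not Vim's
# own parser): "vi:", "vim:", "Vim:" or "ex:" at line start or after a blank.
# Version-qualified forms such as "vim>=700:" are not covered.
MARKER = re.compile(rb"(?:^|[ \t])((?:vi|[vV]im|ex):)")

def find_modelines(data: bytes, window: int = 5):
    """Return (line_number, byte_length) for each candidate modeline.

    Only the first and last `window` lines are examined, matching Vim's
    default 'modelines' value of 5. Length is counted in bytes from the
    marker to the end of the line.
    """
    lines = data.splitlines()
    n = len(lines)
    head = set(range(min(window, n)))
    tail = set(range(max(0, n - window), n))
    found = []
    for i in sorted(head | tail):
        m = MARKER.search(lines[i])
        if m:
            found.append((i + 1, len(lines[i]) - m.start(1)))
    return found

def over_limit(data: bytes, limit: int = 100, window: int = 5):
    """Candidate modelines longer than `limit` bytes."""
    return [(ln, size) for ln, size in find_modelines(data, window) if size > limit]

# Constructed sample inputs (not taken from any real file).
SHORT = b"/* vim: set ts=4 sw=4 et: */\nint main(void) { return 0; }\n"
LONG = b"# vim: set ts=4 sw=4 " + b"x" * 200 + b":\n" + b"body\n" * 20
MIDDLE = b"a\n" * 10 + b"# vim: set ts=8:\n" + b"b\n" * 10  # outside the window

if __name__ == "__main__":
    # Usage: python modeline_audit.py FILE...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            for ln, size in over_limit(fh.read()):
                print(f"{path}:{ln}: modeline is {size} bytes")
```

Run over a source tree, this shows how many existing files a 100-byte or 200-byte limit would actually affect.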
