John Beckett wrote:

> A.J.Mechelynck wrote:
> >> Is folding really needed in a default modeline?
> > Folding may be useful in a modeline.
> > (Don't know what you call a "default" modeline.)
> 
> By "default modeline" I mean I would like Vim to be changed so
> that its default behaviour is aggressively safe. If wanted,
> there could be a new option to enable clever features, and a
> user could choose to allow modelines with folding or expression
> evaluation, etc.

This is not true.  It just reduces the chance of a mistake being made by
an unknown factor.  It's still possible to allow an option to be set,
thinking that it is OK, but we later find out that it was not OK.  Just
like carefully removing mistakes and screening the options for mistakes
does help to make it safer.  Thus it doesn't make an essential
difference.  N times as safe still isn't 100% safe.

In other words: If we have an option "run insecure" nobody would set it.
Vim must be secure as-is.

> But the only long-term safe procedure is to have Vim *default*
> to work with only very restricted modelines (set tab and other
> options - no way to even get near executing code).

As they sometimes joke: The best way to protect your computer from
malicious software is to switch it off.  Likewise, the only really safe
way is to disable modelines.  Obviously you pay a price: restricted
functionality.  Options to partly disable modelines make it more
complicated and don't help much for security.

> I am wondering what the lack of comment on this topic indicates.
> Do you understand that another modeline vulnerability could
> allow the next file you open to overwrite all files under your
> home folder? Or it might overwrite all sectors on your disk, if
> you have sufficient privilege.

Don't forget that this requires someone who intentionally wants this
evil thing to happen.  So far the only examples seen are jokes and proof
of concept.  I have never seen a file with a modeline that intentionally
causes harm.

> How about if you go to another computer that you rarely use.
> Would you be happy using Vim on that computer?
> Network admins in secure environments should be prohibited
> from using Vim.

Modelines are default off when you are root.  The mail filetype plugin
also switches it off.

> If I am overlooking something, or am overly alarmist, please
> tell me. For anyone new to this, enter following in Google:
> vim vulnerability modeline

Thanks for the advertisement!  :-).

-- 
Give a man a computer program and you give him a headache,
but teach him to program computers and you give him the power
to create headaches for others for the rest of his life...
        R. B. Forest

 /// Bram Moolenaar -- [EMAIL PROTECTED] -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\        download, build and distribute -- http://www.A-A-P.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
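An added example, not code from the thread or from Vim itself: a small Python scanner for the check a defender might run over incoming files, finding modelines where Vim looks for them (the first and last five lines by default) and flagging options that make Vim evaluate an expression, the folding and expression features the thread is about. Its modeline grammar is an approximation of the two forms in :help modeline, and SomeFunc() and Bogus() in the sample are constructed placeholders.

```python
import re

# Constructed sample (not from the thread): a header modeline that selects folding
# by expression, a middle modeline that Vim never reads, and a harmless footer.
SAMPLE = "\n".join([
    "/* vim: set ts=4 sw=4 fdm=expr foldexpr=SomeFunc(): */",  # line 1
    "#include <stdio.h>", "int main(void) { return 0; }", "", "",
    "/* vim: set foldtext=Bogus(): */",                        # line 6: ignored
    *(["/* padding */"] * 4),                                  # lines 7-10
    "/* vim:ts=8:noet:ft=c */",                                # line 11
])

# Options whose value Vim evaluates as an expression (long and short names).
EXPR_OPTIONS = {"foldexpr", "fde", "foldtext", "fdt", "formatexpr", "fex",
                "includeexpr", "inex", "indentexpr", "inde", "statusline", "stl"}

# vi:, vim:, Vim: or ex: at line start or after blanks, optionally with a
# version test such as vim>74:; approximates the two forms in :help modeline.
MARKER = re.compile(r"(?:^|\s)(?:vi|vim|Vim|ex)(?:[<=>]\d+)?:\s*(.*)$")

def parse_options(rest):
    """Split the text after the marker into (name, value) pairs."""
    m = re.match(r"set?\s+(.*)", rest)            # second form: 'set ... :'
    if m:
        tokens = m.group(1).split(":", 1)[0].split()
    else:                                         # first form: ':' or blanks
        tokens = [t for t in re.split(r"[\s:]+", rest) if t]
    found = [re.match(r"(?:no|inv)?([a-zA-Z]+)(?:[-+^]?=(.*))?", t) for t in tokens]
    return [(m.group(1), m.group(2)) for m in found if m]

def find_modelines(text, modelines=5):
    """Modelines on the first/last `modelines` lines, where Vim looks (default 5)."""
    lines = text.splitlines()
    n = len(lines)
    idx = (range(n) if n <= 2 * modelines
           else [*range(modelines), *range(n - modelines, n)])
    hits = [(i + 1, MARKER.search(lines[i])) for i in idx]
    return [(ln, parse_options(m.group(1))) for ln, m in hits if m]

def risky_settings(text, modelines=5):
    """Settings that make Vim evaluate an expression: an expression option, or
    foldmethod=expr, which is what causes 'foldexpr' to run."""
    return [(ln, name, val) for ln, pairs in find_modelines(text, modelines)
            for name, val in pairs
            if name in EXPR_OPTIONS or (name in ("foldmethod", "fdm") and val == "expr")]
```

Later Vim releases refuse to set these expression options from a modeline unless 'modelineexpr' is switched on, so on a current build the scan mainly audits what a file would have done on an older one.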
