On Sat, 28 Apr 2007 22:43:23 +1000, "John Beckett" <[EMAIL PROTECTED]> wrote:
> "Potentially unsafe" means we're pretty sure it IS safe, but
> (for example), it's simply not worthwhile allowing a modeline
> longer than 100 bytes because if another vulnerability were
> ever found, we don't want to make it easy for the attacker.

I don't like the idea of preventing modelines over 100 bytes. To start with, there's no real logic behind it: it's an arbitrary number pulled out of thin air, and I put it in the same category as saying "it's OK to use gets() so long as you use a long enough buffer that it'll never overflow". A modeline that's long enough to allow useful things to be done is long enough to allow unpleasant things to be done. Furthermore, what am I supposed to do if I want a long, complicated but legitimate modeline?

I like Perl's approach to untrustworthy data. It's flagged as tainted at the point it is read, and anything derived from it is also flagged as tainted. Tainted information cannot be used in unsafe operations, ever. From what I've read in this thread Vim does something similar, but in a way that's less complete. That's the right way to go about it. Setting an arbitrary limit and hoping it'll have the effect of improving security is far too optimistic for my tastes.

-- 
Matthew Winn
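An added illustration of the taint-tracking approach described above, contrasted with a byte cap: this is example code written for this page, not Vim's or anyone in the thread's, and the toy modeline grammar and the option sets are assumptions.

```python
# Added example: Perl-style taint tracking applied to a toy modeline parser.
from dataclasses import dataclass
from typing import Callable

class TaintError(ValueError):
    """Raised when tainted data reaches an unsafe operation."""

@dataclass(frozen=True)
class Tainted:
    """A string read from an untrusted source; every derivation stays Tainted."""
    value: str

    def split(self, sep=None):
        return [Tainted(p) for p in self.value.split(sep)]

    def partition(self, sep):
        head, _, tail = self.value.partition(sep)
        return Tainted(head), Tainted(tail)

def untaint(t: Tainted, accept: Callable[[str], bool]) -> str:
    """The only route from Tainted to str: an explicit validator must accept it."""
    if not accept(t.value):
        raise TaintError(f"value {t.value!r} failed validation")
    return t.value

# Constructed option sets (assumed, not Vim's real tables): numeric options have a
# validator; options whose value would reach a shell have none, so they always fail.
NUMERIC_OPTIONS = {"ts", "sw", "tw"}
SHELL_OPTIONS = {"shell", "makeprg"}

def parse_modeline(line: Tainted) -> dict:
    """Toy grammar 'vim: set key=value key=value:'; keys are untainted as identifiers."""
    _, rest = line.partition("vim: set ")
    body, _ = rest.partition(":")
    return {untaint(k, str.isidentifier): v
            for k, v in (tok.partition("=") for tok in body.split())}

def apply_modeline(line: Tainted) -> dict:
    """Apply only options that can be validated; unknown ones are ignored."""
    applied = {}
    for key, val in parse_modeline(line).items():
        if key in NUMERIC_OPTIONS:
            applied[key] = int(untaint(val, str.isdigit))
        elif key in SHELL_OPTIONS:
            raise TaintError(f"tainted data cannot set {key!r}")
    return applied

def rejects(line: str) -> bool:
    """True when the taint check refuses the modeline, whatever its length."""
    try:
        apply_modeline(Tainted(line))
    except TaintError:
        return True
    return False

def length_cap_ok(line: str, cap: int = 100) -> bool:
    """The arbitrary limit argued against above: it says nothing about content."""
    return len(line.encode()) <= cap
```

A short modeline that sets a shell-reaching option passes the byte cap but is refused by the taint check, while a long but purely numeric modeline fails the cap and is accepted by the taint check.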