A.J.Mechelynck wrote:
Is folding really needed in a default modeline?
Folding may be useful in a modeline.
(Don't know what you call a "default" modeline.)

By "default modeline" I mean I would like Vim to be changed so
that its default behaviour is aggressively safe. If wanted,
there could be a new option to enable clever features, and a
user could choose to allow modelines with folding or expression
evaluation, etc.

But the only long-term safe procedure is to have Vim *default*
to work with only very restricted modelines (set tab and other
options - no way to even get near executing code).

I am wondering what the lack of comment on this topic indicates.
Do you understand that another modeline vulnerability could
allow the next file you open to overwrite all files under your
home folder? Or it might overwrite all sectors on your disk, if
you have sufficient privilege.

How about if you go to another computer that you rarely use?
Would you be happy using Vim on that computer?
Network admins in secure environments should be prohibited
from using Vim.

If I am overlooking something, or am overly alarmist, please
tell me. For anyone new to this, enter the following in Google:
vim vulnerability modeline

I just noticed that the fourth hit features Ciaran McCreesh who
discovered a vulnerability in January 2005.

John
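
The restricted-by-default behaviour argued for above, sketched as a file-auditing script (an added example, not part of the original post and not Vim's own code). The allowlist contents, the sample text and the function names are assumptions; the two modeline forms follow Vim's documented syntax, matched slightly more loosely than Vim does so that the check fails closed.

```python
import re

# Assumption: illustrative allowlist of layout-only options; the post only
# says "set tab and other options", so this exact set is hypothetical.
SAFE_OPTIONS = {"tabstop", "ts", "shiftwidth", "sw", "softtabstop", "sts",
                "expandtab", "et", "textwidth", "tw", "autoindent", "ai"}

# Form 1: [text]{white}{vi:|vim:|ex:}[white]{options}
# Form 2: [text]{white}{vi:|vim:|Vim:|ex:}[white]se[t] {options}:[text]
MODELINE = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<>=]?\d+)?|ex):\s*(.*)$")
SET_FORM = re.compile(r"^set?\s+(.*?)(?<!\\):")

def parse_modeline(line):
    """Return the option tokens of a modeline, or None if the line has none."""
    m = MODELINE.search(line)
    if not m:
        return None
    body = m.group(1)
    s = SET_FORM.match(body)
    if s:  # form 2: options are space separated, terminated by ':'
        return s.group(1).split()
    # form 1: options separated by whitespace or unescaped ':'
    return [t for t in re.split(r"(?<!\\)[:\s]+", body) if t]

def option_name(token):
    """Strip value and no/inv prefix: 'noet' -> 'et', 'ts=4' -> 'ts'."""
    m = re.match(r"[A-Za-z]+", token)
    name = m.group(0) if m else token
    for prefix in ("no", "inv"):
        if name.startswith(prefix) and name[len(prefix):] in SAFE_OPTIONS:
            return name[len(prefix):]
    return name

def audit(text, modelines=5):
    """List (line number, rejected options) for the first/last N lines."""
    lines = text.splitlines()
    findings = []
    for i, line in enumerate(lines, 1):
        if modelines < i <= len(lines) - modelines:
            continue  # Vim only scans 'modelines' lines at each end
        tokens = parse_modeline(line)
        bad = sorted({option_name(t) for t in tokens or []} - SAFE_OPTIONS)
        if bad:
            findings.append((i, bad))
    return findings

# Constructed sample: line 1 sets only layout options, line 3 enables folding
SAMPLE = "/* vim: set ts=4 sw=4 noet: */\nint x;\n# vim: ts=8:fdm=expr:fde=0\n"
print(audit(SAMPLE))
```

Anything not on the allowlist is reported, including malformed modelines such as a `set` form with no closing colon.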
