Bram Moolenaar wrote:
> N times as safe still isn't 100% safe.

I am not claiming that sanity-checking a modeline before
execution would make it 100% safe. But there have been many
examples in other software where minor bugs have turned into
security disasters because some simple point that could have
been checked, wasn't.

While code is working correctly, a simple check is redundant,
and indeed is offensive because it lengthens and obscures the
code. But a few simple checks may prevent disaster at some
future time, when Vim is further developed.

The Google test (searching for past instances of trouble with
Vim's modeline) proves the case that future problems are likely.

> Modelines are default off when you are root.
> The mail filetype plugin also switches it off.

Good grief - I didn't know that. So you *have* got sanity checks
built in! I'll go and sit in the corner now, but thanks for
confirming that multiple layers of defence are desirable.

John
