On Fri, 4 May 2007 14:20:22 +1000
"John Beckett" <[EMAIL PROTECTED]> wrote:
> I mentioned that the first step for point 4 should (IMHO) be
> rejecting any modeline beyond some fairly small maximum size.

Most previous exploits have been exploitable with far below the line
length that is reasonably used by sensible people.

> What I'd really like would be a separate sanity check that
> verifies that the syntax in the modeline is boringly standard
> 'set' options for a declared whitelist of things that a modeline
> is allowed to do.

http://www.vim.org/scripts/script.php?script_id=1876

> For example, 100 bytes of malware might be able to erase my
> files, but perhaps it couldn't do something more sophisticated
> like launching a hidden infiltration of my network.

100 bytes is more than enough room to download and execute a file that
contains the real malicious code.

-- 
Ciaran McCreesh
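
The kind of modeline sanity check discussed in this thread (a size cap plus a whitelist of plain 'set' options), sketched as an added example; it is not code from either poster or from the linked script. The 100-byte cap, the whitelist contents, the function names and the simplified modeline grammar are assumptions.

```python
import re

MAX_LEN = 100  # assumed cap; the thread only asks for "some fairly small maximum size"
# Assumed whitelist: numeric and boolean indentation options only.
NUMERIC = {"ts", "tabstop", "sw", "shiftwidth", "sts", "softtabstop", "tw", "textwidth"}
BOOLEAN = {"et", "expandtab", "ai", "autoindent"}

# vi:, ex:, vim: or Vim:, optionally with a version test such as vim>700:
MARKER = re.compile(r"(?:^|\s)(?:vi|ex|[Vv]im(?:[<=>]?\d+)?):\s*(.*)$")
NUM_OPT = re.compile(r"([a-z]+)=(\d{1,4})")
BOOL_OPT = re.compile(r"(?:no)?([a-z]+)")


def option_ok(opt):
    """True only for name=digits or [no]name with a whitelisted name."""
    m = NUM_OPT.fullmatch(opt)
    if m:
        return m.group(1) in NUMERIC
    m = BOOL_OPT.fullmatch(opt)
    return bool(m) and m.group(1) in BOOLEAN


def check_modeline(line):
    """Return (allowed, reason) for one line of a file; deny by default."""
    line = line.rstrip("\r\n")
    m = MARKER.search(line)
    if not m:
        return True, "no modeline"
    if len(line) > MAX_LEN:
        return False, "modeline line too long"
    body = m.group(1)
    s = re.match(r"set? ", body)
    if s:  # "set opts:" form: options end at the first colon
        rest = body[s.end():]
        if ":" not in rest:
            return False, "set form without closing colon"
        opts = rest.split(":", 1)[0].split()
    else:  # plain form: options separated by colons or whitespace
        opts = [o for o in re.split(r"[:\s]+", body) if o]
    for opt in opts:
        if not option_ok(opt):
            return False, "option not on whitelist: " + opt
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample lines, not taken from any real file.
    for sample in ("/* vim: set ts=4 sw=4 noet: */", "# vim: set ts=4 statusline=abc:"):
        print(sample, "->", check_modeline(sample))
```

Anything that is not a bare whitelisted name or `name=digits` is rejected, so values containing quotes, backslashes, or expressions never reach the editor.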
