mark@cbosgd.UUCP (Mark Horton) (04/18/84)
It has recently been pointed out that the mode line feature of vi can
cause some problems, among them a potentially serious security breach.
Clearly a change needs to be made. I'd like input from the user
community about what change to make.
If you're wondering what mode lines are, let me summarize. They allow
you to embed a line in the first or last 5 lines of a file that automatically
do certain ex commands every time you read in the file. For example, you
may want to set certain modes or set up certain macros. The lines must
contain vi: or ex:, then the commands, then a trailing :. The context does
not matter, so you can enclose them in a comment. For example:
/* vi: set autoindent tabstop=4 shiftwidth=4|map! { ^V{^M^D}^[O^I: */
This idea is based upon a similar (but less general) feature in EMACS.
Due to an oversight, mode lines were never documented.
People are starting to point out that the passwd file might have a user
name ending in vi or ex, resulting in garbage. And there is a security
problem here involving the ! command. There is also a bug which causes
vi to hang if you use a + command line option on a file containing a mode
line. And it is possible to create a file which cannot be edited if you
work at it a little.
The question is, what to do about it. Since mode lines were never documented,
it's probably safe to delete them. But I never like to delete features without
consulting the users to see what the impact would be. If people out there
are actually using this feature (or would like to), I'd appreciate knowing
what you use it for, and any suggestions on how to restrict it to be safe,
and guard it to prevent accidental invocation by passwd files.
Mark Hortonsmoot@ut-sally.UUCP (Smoot Carl-Mitchell) (04/19/84)
I deleted the mode line feature here at our site.
I am not particularly fond of having imbedded commands within
the text file to be edited. There is always the danger of
"accidentally" invoking a feature of the editor which may not
be intended.
None of our users use this feature. Of course, if it had been
documented, it is possible some would have used it. My vote
at the present time is to just drop the mode line feature.
If some feel it must be retained then restrict the set of
commands to just the "set" command, as that would be the most
commonly used one in this context.
--
Smoot Carl-Mitchell, CS Dept. University of Texas at Austin
{seismo, ctvax, ihnp4}!ut-sally!smoot, smoot@ut-sally.{ARPA, UUCP}mark@elsie.UUCP (04/20/84)
We have vi under 4.1 bsd. The mode line *does not work* under this version of vi (version 6.4 according to what). I think it would be a useful feature to say the least. I frequently want to set special options for different types of files. By all means, get it debugged and get it documented. -- Mark J. Miller NIH/NCI/DCE/LEC UUCP: decvax!harpo!seismo!rlgvax!cvl!elsie!mark Phone: (301) 496-5688