[news.sysadmin] Trojan horse FIX for Rnmail and Pnews

news@rosevax.Rosemount.COM (News administrator) (12/06/88)

Here are the context diffs to fix Rnmail and Pnews.
Larry Wall, do you copy?


*** Rnmailx	Mon Dec  5 14:38:21 1988
--- Rnmail	Mon Dec  5 14:37:27 1988
***************
*** 200,206 ****
  		;;
  	    esac
  	done
! 	${VISUAL-${EDITOR-$defeditor}} $tmpart $oldart
  	trap "$rescue" 2
  	state=ask
  	;;
--- 200,206 ----
  		;;
  	    esac
  	done
! 	${VISUAL-${EDITOR-$defeditor}} '+set nomodeline' $tmpart $oldart
  	trap "$rescue" 2
  	state=ask
  	;;
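Review bot: the new line 203 hands '+set nomodeline' to whatever ${VISUAL-${EDITOR-$defeditor}} expands to, so a user whose EDITOR is emacs or ed gets it as a file name, not an option; gate the extra argument on the last path component of the editor being ex or vi (e.g. `case "${editor##*/}" in ex|vi) ...`) and run everyone else unchanged. The literal option name is the second problem: S5R3's vi spells it "modelines", older vi's have no such option at all, so the string should come from a site-configurable variable rather than being hard-coded here.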



*** Pnewsx	Mon Dec  5 14:37:52 1988
--- Pnews	Mon Dec  5 14:37:32 1988
***************
*** 317,323 ****
  	    esac
  	done
  	trap : 2
! 	${VISUAL-${EDITOR-$defeditor}} $tmpart $oldart
  	trap "$rescue" 2
  	state=ask
  	;;
--- 317,323 ----
  	    esac
  	done
  	trap : 2
! 	${VISUAL-${EDITOR-$defeditor}} '+set nomodeline' $tmpart $oldart
  	trap "$rescue" 2
  	state=ask
  	;;
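Review bot: Pnews line 320 repeats the unconditional '+set nomodeline' from the Rnmail hunk, and it will need exactly the same editor-name check and configurable option name; with the editor line now being edited in two scripts, put the selection logic (editor variable, case on its basename, option string) in one place both files source so the two fixes cannot drift apart.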


------
Merlyn LeRoy
Tested and approved by #17.

guy@auspex.UUCP (Guy Harris) (12/06/88)

 >*** 200,206 ****
...
 >! 	${VISUAL-${EDITOR-$defeditor}} $tmpart $oldart
...
 >--- 200,206 ----
...
 >! 	${VISUAL-${EDITOR-$defeditor}} '+set nomodeline' $tmpart $oldart
...

Sorry, wrong answer.

*I* set EDITOR to "(appropriate directory)/emacs", and it wouldn't like
"+set nomodeline" at all.

For that matter, I don't remember whether the older (e.g., 4.2BSD)
versions of "vi" had a "nomodeline" option.

And, even though the S5R3 one has an option like that, it calls it
"modelines", not "modeline", sigh.  (Since I think AT&T's "vi" derives
from one of around 4.2BSD vintage, this suggests that there might not
have been such an option in the 4.2BSD one, and that AT&T and Berkeley
added it independently.)

If you insist on sticking "+set nomodeline" here, rather than in the
user's ".exrc" where it belongs (there are plenty of other files that
could contain modelines, and that could really screw up things; at least
one file that often contains the magic nasty sequences is
"/etc/passwd"), make sure 1) it *only* does so if the last component of
the editor's name is "ex" or "vi" and 2) that it's easily configurable,
so you can support

	1) 4.3BSD systems with "modeline"

	2) S5R3 systems with "modelines"

	3) other systems with neither

dce@mips.COM (David Elliott) (12/06/88)

In article <6798@rosevax.Rosemount.COM> merlyn@ernie.rosemount.com writes:
>! 	${VISUAL-${EDITOR-$defeditor}} '+set nomodeline' $tmpart $oldart

Did you test this with emacs?  ed?  Other editors that may not understand
'+set nomodeline'?

Isn't the problem that vi/ex need to be executed specially?  In that
case, a proper way to handle this would be

	TEXTED=${VISUAL-${EDITOR-$defeditor}}
	case "$TEXTED" in
		vi|*/vi|ex|*/ex)
			"$TEXTED" '+set nomodeline' $tmpart $oldart
			;;
		*)
			"$TEXTED" $tmpart $oldart
			;;
	esac

Disclaimers: No, I didn't test this code.  Yes, there may be other
	names for ex/vi I didn't handle.

-- 
David Elliott		dce@mips.com  or  {ames,prls,pyramid,decwrl}!mips!dce
"Did you see his eyes?  Did you see his crazy eyes?" -- Iggy (who else?)

geoff@desint.UUCP (Geoff Kuenning) (12/07/88)

In article <6798@rosevax.Rosemount.COM> merlyn@ernie.rosemount.com writes:

> Here are the context diffs to fix Rnmail and Pnews.
> Larry Wall, do you copy?

Sorry, but these diffs are not exactly adequate.  They presume that
all users use vi, which is not at all true.

To support all editors, you would have to do something like:

    case "${VISUAL-${EDITOR-$defeditor}}" in
	vi|*/vi|ex|*/ex)
	    nomodeline='+set nomodeline'
	    ;;
    esac

...

    ${VISUAL-${EDITOR-$defeditor}} ${nomodeline:+"$nomodeline"} $tmpart $oldart
-- 
	Geoff Kuenning   geoff@ITcorp.com   uunet!desint!geoff

lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall) (12/07/88)

In article <6798@rosevax.Rosemount.COM> merlyn@ernie.rosemount.com writes:
: Here are the context diffs to fix Rnmail and Pnews.
: Larry Wall, do you copy?

The fix presumes everyone on your machine runs vi.  Is there any reason you
can't fix it in your .exrc file?

Larry Wall
lwall@jpl-devvax.jpl.nasa.gov
"So many programs, so little time..."

gordon@sneaky.TANDY.COM (Gordon Burditt) (12/07/88)

>Here are the context diffs to fix Rnmail and Pnews.
>Larry Wall, do you copy?

[Condensed down guts of patch follow:]

< 	${VISUAL-${EDITOR-$defeditor}} $tmpart $oldart
> 	${VISUAL-${EDITOR-$defeditor}} '+set nomodeline' $tmpart $oldart

Isn't this fix more than a little vi-specific?  If EVERYONE at your site 
uses vi, fine, but I think it breaks attempts to use any editor other
than vi.  /bin/ed merrily edits the file '+set nomodeline'.  Then Pnews
or Rnmail work with the unmodified file.  Emacs will probably do something 
strange with it also.  Further, not all versions of vi even have a 
"nomodeline" option.

				Gordon L. Burditt
				...!texbell!sneaky!gordon

msb@sq.uucp (Mark Brader) (12/07/88)

merlyn@ernie.rosemount.com writes:
> ! 	${VISUAL-${EDITOR-$defeditor}} '+set nomodeline' $tmpart $oldart

Fix, humbug.  The reason the first part of that line reads as it does is
that not everybody uses the same editor!  Try this, as a first approximation:

	editor=${VISUAL-${EDITOR-$defeditor}}
	case "$editor" in
	*vi|*ex)	: adjust this to match local synonyms for vi
			editor="$editor '+set nomodeline'";;
	esac
	eval $editor $tmpart $oldart

Mark Brader, SoftQuad Inc., Toronto			BSD is a bug,
utzoo!sq!msb, msb@sq.com				not a feature.

news@rosevax.Rosemount.COM (News administrator) (12/07/88)

> = Guy Harris
>For that matter, I don't remember whether the older (e.g., 4.2BSD)
>versions of "vi" had a "nomodeline" option.

Not having an older vi, I can't tell either.  If anyone has a vi
that doesn't understand +set nomodeline[s], they should speak up.

>And, even though the S5R3 one has an option like that, it calls it
>"modelines", not "modeline", sigh.

Not having Vr3, I didn't know this.  Feel free to post corrections.
Ideally, the configuration program would figure it out itself, and
also determine if an editor called 'edit' exists and is a version of
ex (I felt 'edit' was too likely to be the name of a non-ex-derived
editor and didn't include it in my followup correction).

>If you insist on sticking "+set nomodeline" here, rather than in the
>user's ".exrc" where it belongs...

No, it belongs in any code that puts uncontrolled text into a file
and executes a "vi"-like editor.  A number of vi's have "modeline"
on by default, and many people don't know about it.  If Pnews can be
made more robust, it should be.

Now for a different question... any other common editors (emacs, etc) with
a similar hook?  Any way to disable it?

Merlyn LeRoy

ok@quintus.uucp (Richard A. O'Keefe) (12/08/88)

In article <6811@rosevax.Rosemount.COM> merlyn@ernie.Rosemount.COM (Brian Westley) writes:
>> = Guy Harris
>>For that matter, I don't remember whether the older (e.g., 4.2BSD)
>>versions of "vi" had a "nomodeline" option.
>
>Not having an older vi, I can't tell either.  If anyone has a vi
>that doesn't understand +set nomodeline[s], they should speak up.

Sequent DYNIX V3.0.12:
    'ucb' universe (4.2ish BSD): 'vi' understands "set nomodeline"
    'att' universe (V.2.0 i386): 'vi' does NOT understand "set nomodeline"

guy@auspex.UUCP (Guy Harris) (12/09/88)

>>If you insist on sticking "+set nomodeline" here, rather than in the
>>user's ".exrc" where it belongs...
>
>No, it belongs in any code that puts uncontrolled text into a file
>and executes a "vi"-like editor.  A number of vi's have "modeline"
>on by default, and many people don't know about it.

The only "vi"s that I know of that have "modeline" on by default don't
let you turn it off (i.e., there *is* no "modeline" or "modelines"
option, it *always* recognizes mode lines); both the 4.3BSD and S5R3
versions have it off by default.  Unless you know of one that has it on
by default *and* that lets you turn it off, the "number" in "number of
vi's" is 0. 

>If Pnews can be made more robust, it should be.

The file most likely to contain bogus mode lines is probably the
password file, not "vi".  Not everybody edits their password file with
"vipw" (especially on System V, which as distributed by AT&T doesn't
*have* "vipw"). 

>Now for a different question... any other common editors (emacs, etc) with
>a similar hook?  Any way to disable it?

Fortunately, EMACS doesn't have that wretched mechanism, so there's no
need to disable it.

wjc@ho5cad.ATT.COM (Bill Carpenter) (12/09/88)

In article <6811@rosevax.Rosemount.COM> news@rosevax.Rosemount.COM (News administrator) writes:

:  [discussion of "vi" modeline misfeature]
:  Now for a different question... any other common editors (emacs, etc) with
:  a similar hook?  Any way to disable it?

In GNU emacs there is a similar hazard ("find a file" means, roughly,
fetch it into the editor):

; inhibit-local-variables's value is t
; 
; Documentation:
; *Non-nil means query before obeying a file's local-variables list.
; This applies when the local-variables list is scanned automatically
; after you find a file.  If you explicitly request such a scan with
; M-x normal-mode, there is no query, regardless of this variable.

Alas, the default is nil, meaning that stuff (arbitrary GNU emacs
commands) can happen to you automatically.  On systems where I have an
influence on the installation, I get this put in globally (practically
the only non-standard thing I want in "site-init.el"):

	(setq inhibit-local-variables t)

Any users who are curious about this and/or want to turn it on for
themselves can read about it and set it to nil on their own accord.
BTW, this thing is particularly hazardous to people who use GNU emacs
"rmail" for reading their mail.  You can cause them discomfort from
far, far away.  I've demonstrated this to doubters by sending them
mail that splits their windows vertically when they read it.
-- 
   Bill Carpenter         att!ho5cad!wjc  or  attmail!bill

eggert@sea.sm.unisys.com (Paul Eggert) (12/09/88)

|Now for a different question... any other common editors (emacs, etc) with
|a similar hook?  Any way to disable it?

GNU Emacs has a similar hook.  To disable it, put

	(setq inhibit-local-variables t)

into your ~/.emacs file.

newsadm@mcgp1.UUCP (Netnews Administrator) (12/10/88)

In article <6811@rosevax.Rosemount.COM>, news@rosevax.Rosemount.COM (News administrator) writes:
>                                               If anyone has a vi
> that doesn't understand +set nomodeline[s], they should speak up.

The AT&T 3B1 (aka 7300 aka UNIX-PC) vi has modeline[s] on by default, with
no way to turn it off!  I'm thinking of writing a simple C program, called vi,
that scans the file[s] to be edited looking for the culprit string.  It will
delete or modify the offending string and then call the real vi.  I don't
know how much interest there is in something like this, but I will post the
source if and when I ever get it done.


				John Opalko

				jgo@mcgp1.UUCP     (3B2 at work)
				john@n7kbt.WA.COM  (3B1 at home)

ron@feathers.ATT.COM (2589) (12/12/88)

In article <1687@mcgp1.UUCP> newsadm@mcgp1.UUCP (Netnews Administrator) writes:
]In article <6811@rosevax.Rosemount.COM>, news@rosevax.Rosemount.COM (News administrator) writes:
]>                                               If anyone has a vi
]> that doesn't understand +set nomodeline[s], they should speak up.
]
]The AT&T 3B1 (aka 7300 aka UNIX-PC) vi has modeline[s] on by default, with
]no way to turn it off!  I'm thinking of writing a simple C program, called vi,
]that scans the file[s] to be edited looking for the culprit string.  It will
] ...
]				John Opalko

If indeed there is no way to turn it off, you may not have a
choice but to scan the file first.  However, you may not need
a separate C program to do it - read on.

If modelines can be turned off, and you are trying to protect
users who don't disable modelines in .exrc, you can change
Pnews/Rnmail/whatever to print out a couple of lines into a
temp file and append the "real" message to it, having these
lines trigger the modelines (or equivalent emacs magic) -
something like:

	<e><x><:> set nomodelines

or, for the case above (where modeline cannot be disabled)

	<e><x><:> g/^[ TAB][ev][xi]:/s//MODELINE:/

Then, at the end of the editing session, these lines can be
removed.

		Ron.
-- 
Ron Saad - WF2K                                 ...!att!feathers!ron
Interface Systems                               ron@feathers.ATT.COM
@ AT&T Bell Labs, Red Hill (201) 615-2589

bdb@becker.UUCP (Bruce Becker) (12/13/88)

In article <1687@mcgp1.UUCP> newsadm@mcgp1.UUCP (Netnews Administrator) writes:
>In article <6811@rosevax.Rosemount.COM>, news@rosevax.Rosemount.COM (News administrator) writes:
>>                                               If anyone has a vi
>> that doesn't understand +set nomodeline[s], they should speak up.
>
>The AT&T 3B1 (aka 7300 aka UNIX-PC) vi has modeline[s] on by default, with
>no way to turn it off!  I'm thinking of writing a simple C program, called vi,
>that scans the file[s] to be edited looking for the culprit string.  It will
>delete or modify the offending string and then call the real vi.  I don't
>know how much interest there is in something like this, but I will post the
>source if and when I ever get it done.

	There have been postings in the "unix-pc" hierarchy which
	provide patches to the vi binary to turn off modeline.
	You should look there - they might have been cross-posted
	to "comp.sys.att" as well...

>				John Opalko
>
>				jgo@mcgp1.UUCP     (3B2 at work)
>				john@n7kbt.WA.COM  (3B1 at home)

Cheers,
-- 
Bruce Becker        Toronto, Ont.
Internet: bdb@becker.UUCP, bruce@gpu.utcs.toronto.edu, becker@ziebmef.UUCP
BitNet:   BECKER@HUMBER.BITNET
"Paranoia is its own reward" - Lyon Bullroarey, honorary American

allbery@ncoast.UUCP (Brandon S. Allbery) (12/14/88)

As quoted from <6811@rosevax.Rosemount.COM> by news@rosevax.Rosemount.COM (News administrator):
+---------------
| > = Guy Harris
| >If you insist on sticking "+set nomodeline" here, rather than in the
| >user's ".exrc" where it belongs...
| 
| No, it belongs in any code that puts uncontrolled text into a file
| and executes a "vi"-like editor.  A number of vi's have "modeline"
| on by default, and many people don't know about it.  If Pnews can be
| made more robust, it should be.
+---------------

And just how does this protect the superuser who edits /etc/passwd when
someone's username ends with "ex", etc.?

Pnews is not the only culprit, and you can't catch *all* programs that might
do it.  (And if you propose blocking "ex[colon]" sequences in the password
file, you'll be in for a lot of hate mail....)  The proper place to put it
is $HOME/.exrc; it should be in the .exrc that is copied in for new users
(assuming that everyone uses a program/shell script/whatever to install new
users; a shell script, at least, is trivial).

+---------------
| Now for a different question... any other common editors (emacs, etc) with
| a similar hook?  Any way to disable it?
+---------------

Emacs (FULL emacs, NOT Jove/Microemacs/mg/etc.) has a feature for modifying
the editor's settings from a loaded file; but invoking it is non-trivial
(you need a VERY fancy sequence in the file) and it won't execute
generalized commands (s-expressions) (at least, I *think* it won't...) so
it's nowhere near as dangerous.

++Brandon
(P.S.  And just how does your Pnews fix change what /usr/bin/postnews does?)
-- 
Brandon S. Allbery, comp.sources.misc moderator and one admin of ncoast PA UN*X
uunet!hal.cwru.edu!ncoast!allbery  <PREFERRED!>	    ncoast!allbery@hal.cwru.edu
allberyb@skybridge.sdi.cwru.edu	      <ALSO>		   allbery@uunet.uu.net
comp.sources.misc is moving off ncoast -- please do NOT send submissions direct
      Send comp.sources.misc submissions to comp-sources-misc@<backbone>.

charles@c3pe.UUCP (Charles Green) (01/09/89)

[There's something strange in your CPU   ...   Who ya gonna call? WORMBUSTERS!]

In article <6811@rosevax.Rosemount.COM>, news@rosevax.Rosemount.COM (News administrator) writes:
>                                               If anyone has a vi
> that doesn't understand +set nomodeline[s], they should speak up.

CTIX 5.22 on a Convergent MightyFrame (S320):

% cat /tmp/junk
ex::!echo Gotcha:
% echo $EXINIT
set nomodeline
% vi /tmp/junk
modeline: No such option - 'set all' gives all option values
"/tmp/junk" 1 line, 18 characters
Gotcha
[Hit return to continue]
-- 
Charles Green, C3 Inc				charles%c3pe@decuac.dec.com
ex::!echo Gotcha:		(vi modeline test - is your system secure?)
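An added example, not code from rn, Pnews or Rnmail, that pulls together the pieces of this thread: the case-on-editor-name approach from the David Elliott, Geoff Kuenning and Mark Brader replies, Ron Saad's idea of defusing the trigger text for a vi that cannot turn modelines off, and Charles Green's "ex::!echo Gotcha:" line as constructed test input. MODELINE_OPT, editor_kind, has_modeline, neutralize_modelines and edit_article are names this example introduces; MODELINE_OPT stands in for whatever the site's Configure step would determine, and Pnews' second file argument $oldart is left out.

```shell
#!/bin/sh
# Added example (not rn's code): run the user's editor on a drafted article
# the way Pnews does, but handle the vi modeline hazard explicitly.
# Assumptions of this example:
#  - $VISUAL / $EDITOR / $defeditor are resolved exactly as Pnews does;
#  - MODELINE_OPT is a site setting invented here: "nomodeline" (4.3BSD),
#    "nomodelines" (S5R3), or empty for a vi that cannot switch modelines
#    off at all (the 3B1 case reported in the thread).

# editor_kind CMD: print "exvi" if the program named by CMD (first word,
# last path component) is an ex/vi derivative, "other" otherwise.
# "edit" is left out on purpose: it is too often a non-ex editor.
editor_kind() {
    set -- $1                        # split "emacs -nw" into words
    case "${1##*/}" in
        ex|vi|view|vedit) echo exvi ;;
        *)                echo other ;;
    esac
}

# has_modeline FILE: succeed if the first or last five lines of FILE carry
# an "ex:" or "vi:" trigger at the start of a line or after a blank/tab,
# which is what classic vi scans for.  A quoted reply line "> ex:...:"
# counts, and that is exactly how a posted article reaches the editor of
# whoever follows up to it.  (The class also accepts harmless "ei:"/"vx:".)
has_modeline() {
    { head -n 5 "$1"; tail -n 5 "$1"; } |
        grep -q -e '^[ev][xi]:' -e '[[:blank:]][ev][xi]:'
}

# neutralize_modelines FILE: copy FILE to stdout with every trigger defused
# by inserting "_" after the ex/vi keyword, so "ex:" becomes "ex_:".
# The whole file is rewritten, not just ten lines, because vendor vi's are
# not all known to use the same window; the marker stays visible to the
# author, who can take it out again if the text was intentional.
neutralize_modelines() {
    sed -e 's/^\([ev][xi]\):/\1_:/' \
        -e 's/\([[:blank:]]\)\([ev][xi]\):/\1\2_:/g' "$1"
}

# edit_article FILE: a replacement for the editor line in Pnews/Rnmail.
edit_article() {
    editor=${VISUAL-${EDITOR-${defeditor-vi}}}
    case "$(editor_kind "$editor")" in
    exvi)
        if [ -n "$MODELINE_OPT" ]; then
            $editor "+set $MODELINE_OPT" "$1"
        elif has_modeline "$1"; then
            # Nothing to switch off: defuse the triggers before vi sees them.
            neutralize_modelines "$1" > "$1.safe" && mv "$1.safe" "$1"
            $editor "$1"
        else
            $editor "$1"
        fi ;;
    *)  $editor "$1" ;;          # ed, emacs, ...: never pass the vi option
    esac
}

# Demonstration on a constructed draft; no editor is launched here.
demo=${TMPDIR:-/tmp}/modeline-demo.$$
printf 'Re: test\n\n> ex::!echo Gotcha:\n> some quoted text\n' > "$demo"
if has_modeline "$demo"; then
    echo "trigger found in $demo; defused copy follows:"
    neutralize_modelines "$demo"
fi
rm -f "$demo"
```

The important choice is that the modeline handling is keyed on what the editor is, not on what the user set in .exrc: the script is protecting the user who never heard of the option. When MODELINE_OPT is empty the draft is altered, which is intrusive, but it is the only defence left for a vi that always honours modelines.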

wcs@alice.UUCP (Bill Stewart, usually) (01/24/89)

In article <6811@rosevax.Rosemount.COM>, news@rosevax.Rosemount.COM (News administrator) writes:
>                                               If anyone has a vi
> that doesn't understand +set nomodeline[s], they should speak up.

The vi versions 3.7 - 3.9 distributed with 4.1BSD and System V / SVR2 don't!
This means that most people with System V clones (except 386-based) don't.

Modelines were introduced in version 3.7 (October 1981).  Version 3.9
(Feb 1983) is the main terminfo version in AT&T SVR2 releases.
Sometime after that, the folks around netnews decided that modelines
were a security risk, and either were too evil to retain, or at least
something that needs to be optional.  (I've forgotten if 4.2BSD has the fix.)
Unfortunately, the fixes in SVR3 and 4.3BSD differ on whether
nomodelines should have an "s" at the end.

Also unfortunately, many vendors have decided to assign their own
version numbers, so you can't tell what version you have any more.
-- 
#				Thanks;
# Bill Stewart, att!ho95c!wcs, AT&T Bell Labs Holmdel NJ 1-201-949-0705