gil@limbic.UUCP (Gil Kloepfer Jr.) (11/29/88)
My apologies in advance for this. THIS VERSION OF THE PATCH WORKS! Lenny
Tropiano (lenny@icus) whom we all know and love for his fine work has a nasty
habit of reversing numbers as he did in a last minute addition to my vi patch
program so that it would work for people who didn't have the encryption set
installed. Well, his addition messed up the patch for those who DO have
the encryption set installed! It now works...again, sorry for the wasted
bandwidth.
Again, for those who have seen this for the first time -- this patch disables
the "modelines" option in the UNIX-pc version of vi. The option allows people
to mail/post/give files which will execute shell commands if edited...and could
cause havoc if abused. Most people never use the option, so disabling it is
a viable alternative (to bugging AT&T to death).
Again, my apologies. Please, no flames. This was all well-intentioned, and
it seems that my double-check of the version of vi saved the day :-)
-------
Gil Kloepfer, Jr. U-Net: {decuac,boulder,talcott,sbcs}!icus!limbic!gil
ICUS Software Systems Voice: (516) 968-6860 [H] (516) 746-2350 x219 [W]
P.O. Box 1 Internet: gil@icus.islp.ny.us
Islip Terrace, NY 11752 "Life's a ... well, you know..."
#! /bin/sh
# This is a shell archive. Remove anything before this line, then unpack
# it by saving it into a file and typing "sh file". To overwrite existing
# files, type "sh file -c". You can also feed this as standard input via
# unshar, or by typing "sh <file", e.g.. If this archive is complete, you
# will see the following message at the end:
# "End of shell archive."
# Contents: Makefile README modetest vifix.c
# Wrapped by gil@limbic on Mon Nov 28 20:45:58 1988
PATH=/bin:/usr/bin:/usr/ucb ; export PATH
if test -f Makefile -a "${1}" != "-c" ; then
echo shar: Will not over-write existing file \"Makefile\"
else
echo shar: Extracting \"Makefile\" \(399 characters\)
sed "s/^X//" >Makefile <<'END_OF_Makefile'
X#
X# Makefile to compile vifix.c (vi modeline elimination)
X# (c)1988 ICUS Software Systems UUCP: ...icus!software
X#
XCFLAGS=-v -O
XLDFLAGS=-s
XLIBS=/lib/crt0s.o /lib/shlib.ifile
X#
Xvifix: vifix.o
X @echo "Loading ..."
X $(LD) $(LDFLAGS) -o vifix vifix.o $(LIBS)
X @echo "Copying /usr/bin/vi to current directory ..."
X @cp /usr/bin/vi .
X @vifix
X @echo "Save old version, and copy \"vi\" to /usr/bin"
END_OF_Makefile
if test 399 -ne `wc -c <Makefile`; then
echo shar: \"Makefile\" unpacked with wrong size!
fi
# end of overwriting check
fi
if test -f README -a "${1}" != "-c" ; then
echo shar: Will not over-write existing file \"README\"
else
echo shar: Extracting \"README\" \(1465 characters\)
sed "s/^X//" >README <<'END_OF_README'
Xvi/ex modeline feature disable patch ... Gil Kloepfer, ICUS Software Systems
X----------------------------------------------------------------------------
X
XThis program and its Makefile are used to disable the modeline feature in
Xvi/ex which can inadvertantly allow malicious users to send "infected" files
Xto privileged users and disrupt system activities.
X
XThe patch is applied by executing the makefile ($ make). The makefile will
Xcompile the patch program, copy the vi editor executable file into your
Xcurrent directory and apply the patch to this copy. You should then make
Xa copy of the original vi editor, and copy the new one over the old one.
X
X # make
X # cp /usr/bin/vi /usr/bin/vi.OLD
X # cp ./vi /usr/bin/vi
X
XThanks to Lenny Tropiano for the makefile. Those who feel more comfortable
Xapplying the patch without any makefiles, the procedure is as follows:
X
X # cc -v -o vifix vifix.c
X # cd /usr/bin
X # cp vi vi.OLD
X # whatever-path/vifix
X
XThe vifix program will inform you if the version of vi you are fixing is
Xsupported by the patch program. Note that this message will also appear if
Xthe patch is already applied.
X
XYou can check to see if the patch really worked by editing the file
X"modetest" with this shell archive with vi. If a bannered word prints
Xout at all, the patch did not successfully take effect.
X
XAny further questions about the patch can be directed to Gil Kloepfer
Xat ...icus!limbic!gil, gil@limbic.UUCP, or gil@icus.islp.ny.us
END_OF_README
if test 1465 -ne `wc -c <README`; then
echo shar: \"README\" unpacked with wrong size!
fi
# end of overwriting check
fi
if test -f modetest -a "${1}" != "-c" ; then
echo shar: Will not over-write existing file \"modetest\"
else
echo shar: Extracting \"modetest\" \(71 characters\)
sed "s/^X//" >modetest <<'END_OF_modetest'
Xex:!banner "this":
Xei:!banner "is":
Xvx:!banner "a":
Xvi:!banner "test":
END_OF_modetest
if test 71 -ne `wc -c <modetest`; then
echo shar: \"modetest\" unpacked with wrong size!
fi
# end of overwriting check
fi
if test -f vifix.c -a "${1}" != "-c" ; then
echo shar: Will not over-write existing file \"vifix.c\"
else
echo shar: Extracting \"vifix.c\" \(1745 characters\)
sed "s/^X//" >vifix.c <<'END_OF_vifix.c'
X/*
X * vifix.c
X *
X * Program to patch UNIX-pc (3B1) "vi" editor so that the modeline
X * function is disabled.
X *
X * By Gil Kloepfer, Jr., Lenny Tropiano ICUS Software Systems 11/26/1988
X * Permission granted to redistribute without profit in the public domain
X * only. This header must remain in-tact as is. This program carries
X * no warranties, express or implied, and all consequences resulting from
X * the application of this patch are the sole responsibility of the user.
X *
X * Patch transforms the following byte pattern in vi -- this comment here
X * so that this program could be adapted to a newer version of vi:
X *
X * From:
X * 377 374 112 200 147 000 000 174 040
X * To:
X * 377 374 116 161 140 000 000 174 040
X *
X * This effectively skips over the modeline checking code in the editor.
X */
X
X#define NONCRYPT 26202L
X#define CRYPT 26434L
X
X#include <fcntl.h>
X
Xmain()
X{
X char buffer[3];
X int fd;
X
X if ((fd=open("vi",O_RDWR)) < 0) {
X perror("open");
X exit(1);
X }
X
X lseek(fd,NONCRYPT,0); /* check for ENHANCED EDITOR version */
X if (read(fd,buffer,3) != 3) {
X perror("read");
X exit(1);
X }
X
X if ((int)buffer[0] != 0112 &&
X (int)buffer[1] != 0200 &&
X (int)buffer[2] != 0147) {
X lseek(fd,CRYPT,0); /* check for ENCRYPTION SET version */
X if (read(fd,buffer,3) != 3) {
X perror("read");
X exit(1);
X }
X if ((int)buffer[0] != 0112 &&
X (int)buffer[1] != 0200 &&
X (int)buffer[2] != 0147) {
X printf("Version of vi not valid for this patch.\n");
X exit(1);
X }
X }
X
X lseek(fd,-3L,1); /* back up pointer 3 bytes */
X buffer[0]=(char)0116;
X buffer[1]=(char)0161;
X buffer[2]=(char)0140;
X write(fd,buffer,3);
X
X close(fd);
X printf("vi modeline elimination patch successfully applied\n");
X exit(0);
X}
END_OF_vifix.c
if test 1745 -ne `wc -c <vifix.c`; then
echo shar: \"vifix.c\" unpacked with wrong size!
fi
# end of overwriting check
fi
echo shar: End of shell archive.
exit 0res@cbnews.ATT.COM (Robert E. Stampfli) (12/03/88)
In article <405@limbic.UUCP> gil@limbic.UUCP (Gil Kloepfer Jr.) writes: >My apologies in advance for this. THIS VERSION OF THE PATCH WORKS! Welllll, it didn't work for me, so I went into my vi and found the string that Gil and Larry were talking about. Then I modified the program to use this offset and fixed a few bugs in the the logic. The results appear to work on my machine for both the encryption and non-encryption versions of vi. I am running version 3.5, and can almost certainly guarantee that the mods will not work on 3.51. (I do have access to 3.51, so I may play around with it if I have the time and if there is interest.) I must say, I have no idea what this fix does or why it works, so use it at your own risk. BTW, kudos to the both Gil and Larry for figuring out how to kill this abomination that should never have been part of vi in the first place. Rob Stampfli att!cbnews!res (work) osu-cis!n8emr!kd8wk!res (home) If you have had trouble with Gil's previous postings, try this one: #! /bin/sh # This is a shell archive, meaning: # 1. Remove everything above the #! /bin/sh line. # 2. Save the resulting text in a file. # 3. Execute the file with /bin/sh (not csh) to create: # Makefile # README # modetest # vifix.c # This archive created: Fri Dec 2 15:37:20 1988 export PATH; PATH=/bin:/usr/bin:$PATH echo shar: "extracting 'Makefile'" '(399 characters)' if test -f 'Makefile' then echo shar: "will not over-write existing file 'Makefile'" else sed 's/^ X//' << \SHAR_EOF > 'Makefile' X# X# Makefile to compile vifix.c (vi modeline elimination) X# (c)1988 ICUS Software Systems UUCP: ...icus!software X# XCFLAGS=-v -O XLDFLAGS=-s XLIBS=/lib/crt0s.o /lib/shlib.ifile X# Xvifix: vifix.o X @echo "Loading ..." X $(LD) $(LDFLAGS) -o vifix vifix.o $(LIBS) X @echo "Copying /usr/bin/vi to current directory ..." X @cp /usr/bin/vi . X @vifix X @echo "Save old version, and copy \"vi\" to /usr/bin" SHAR_EOF if test 399 -ne "`wc -c < 'Makefile'`" then echo shar: "error transmitting 'Makefile'" '(should have been 399 characters)' fi fi echo shar: "extracting 'README'" '(1465 characters)' if test -f 'README' then echo shar: "will not over-write existing file 'README'" else sed 's/^ X//' << \SHAR_EOF > 'README' Xvi/ex modeline feature disable patch ... Gil Kloepfer, ICUS Software Systems X---------------------------------------------------------------------------- X XThis program and its Makefile are used to disable the modeline feature in Xvi/ex which can inadvertantly allow malicious users to send "infected" files Xto privileged users and disrupt system activities. X XThe patch is applied by executing the makefile ($ make). The makefile will Xcompile the patch program, copy the vi editor executable file into your Xcurrent directory and apply the patch to this copy. You should then make Xa copy of the original vi editor, and copy the new one over the old one. X X # make X # cp /usr/bin/vi /usr/bin/vi.OLD X # cp ./vi /usr/bin/vi X XThanks to Lenny Tropiano for the makefile. Those who feel more comfortable Xapplying the patch without any makefiles, the procedure is as follows: X X # cc -v -o vifix vifix.c X # cd /usr/bin X # cp vi vi.OLD X # whatever-path/vifix X XThe vifix program will inform you if the version of vi you are fixing is Xsupported by the patch program. Note that this message will also appear if Xthe patch is already applied. X XYou can check to see if the patch really worked by editing the file X"modetest" with this shell archive with vi. If a bannered word prints Xout at all, the patch did not successfully take effect. X XAny further questions about the patch can be directed to Gil Kloepfer Xat ...icus!limbic!gil, gil@limbic.UUCP, or gil@icus.islp.ny.us SHAR_EOF if test 1465 -ne "`wc -c < 'README'`" then echo shar: "error transmitting 'README'" '(should have been 1465 characters)' fi fi echo shar: "extracting 'modetest'" '(71 characters)' if test -f 'modetest' then echo shar: "will not over-write existing file 'modetest'" else sed 's/^ X//' << \SHAR_EOF > 'modetest' Xex:!banner "this": Xei:!banner "is": Xvx:!banner "a": Xvi:!banner "test": SHAR_EOF if test 71 -ne "`wc -c < 'modetest'`" then echo shar: "error transmitting 'modetest'" '(should have been 71 characters)' fi fi echo shar: "extracting 'vifix.c'" '(2105 characters)' if test -f 'vifix.c' then echo shar: "will not over-write existing file 'vifix.c'" else sed 's/^ X//' << \SHAR_EOF > 'vifix.c' X/* X * vifix.c X * X * Program to patch UNIX-pc (3B1) "vi" editor so that the modeline X * function is disabled. X * X * By Gil Kloepfer, Jr., Lenny Tropiano ICUS Software Systems 11/26/1988 X * Modified by Rob Stampfli, osu-cis!n8emr!kd8wk!res, 12/2/88 X * X * Verified on AT&T Unix 3.5 for Unix-PC vi (encryption and non-encryption X * version) only. X * X * Permission granted to redistribute without profit in the public domain X * only. This header must remain in-tact as is. This program carries X * no warranties, express or implied, and all consequences resulting from X * the application of this patch are the sole responsibility of the user. X * X * Patch transforms the following byte pattern in vi -- this comment here X * so that this program could be adapted to a newer version of vi: X * X * From: X * 377 374 112 200 147 000 000 174 040 X * To: X * 377 374 116 161 140 000 000 174 040 X * X * This effectively skips over the modeline checking code in the editor. X */ X X#define NONCRYPT 26202L X#define CRYPT 26482L X X#include <fcntl.h> X Xmain() X{ X unsigned char buffer[3]; X int fd; X X if ((fd=open("vi",O_RDWR)) < 0) { X perror("open"); X exit(1); X } X X lseek(fd,NONCRYPT,0); /* check for ENHANCED EDITOR version */ X if (read(fd,buffer,3) != 3) { X perror("read"); X exit(1); X } X X if (buffer[0] != 0112 || X buffer[1] != 0200 || X buffer[2] != 0147) { X printf("0112 0200 0147 -> %o %o %o\n", X buffer[0], buffer[1], buffer[2]); X printf("Not ENHANCED ED vsn. Checking ENCRYPT SET vsn.\n"); X lseek(fd,CRYPT,0); /* check for ENCRYPTION SET version */ X if (read(fd,buffer,3) != 3) { X perror("read"); X exit(1); X } X if (buffer[0] != 0112 || X buffer[1] != 0200 || X buffer[2] != 0147) { X printf("0112 0200 0147 -> %o %o %o\n", X buffer[0], buffer[1], buffer[2]); X printf("Version of vi not valid for this patch.\n"); X exit(1); X } X } X X lseek(fd,-3L,1); /* back up pointer 3 bytes */ X buffer[0]=(char)0116; X buffer[1]=(char)0161; X buffer[2]=(char)0140; X write(fd,buffer,3); X X close(fd); X printf("vi modeline elimination patch successfully applied\n"); X exit(0); X} SHAR_EOF if test 2105 -ne "`wc -c < 'vifix.c'`" then echo shar: "error transmitting 'vifix.c'" '(should have been 2105 characters)' fi fi exit 0 # End of shell archive