[net.bugs.4bsd] mode lines in vi

mark@cbosgd.UUCP (Mark Horton) (04/18/84)

It has recently been pointed out that the mode line feature of vi can
cause some problems, among them a potentially serious security breach.
Clearly a change needs to be made.  I'd like input from the user
community about what change to make.

If you're wondering what mode lines are, let me summarize.  They allow
you to embed a line in the first or last 5 lines of a file that automatically
does certain ex commands every time you read in the file.  For example, you
may want to set certain modes or set up certain macros.  The lines must
contain vi: or ex:, then the commands, then a trailing :.  The context does
not matter, so you can enclose them in a comment.  For example:

/* vi: set autoindent tabstop=4 shiftwidth=4|map! { ^V{^M^D}^[O^I: */

This idea is based upon a similar (but less general) feature in EMACS.
Due to an oversight, mode lines were never documented.

People are starting to point out that the passwd file might have a user
name ending in vi or ex, resulting in garbage.  And there is a security
problem here involving the ! command.  There is also a bug which causes
vi to hang if you use a + command line option on a file containing a mode
line.  And it is possible to create a file which cannot be edited if you
work at it a little.

The question is, what to do about it.  Since mode lines were never documented,
it's probably safe to delete them.  But I never like to delete features without
consulting the users to see what the impact would be.  If people out there
are actually using this feature (or would like to), I'd appreciate knowing
what you use it for, and any suggestions on how to restrict it to be safe,
and guard it to prevent accidental invocation by passwd files.

	Mark Horton

smoot@ut-sally.UUCP (Smoot Carl-Mitchell) (04/19/84)

I deleted the mode line feature here at our site.

I am not particularly fond of having embedded commands within
the text file to be edited.  There is always the danger of
"accidentally" invoking a feature of the editor which may not
be intended.

None of our users use this feature.  Of course, if it had been
documented, it is possible some would have used it.  My vote
at the present time is to just drop the mode line feature.
If some feel it must be retained then restrict the set of
commands to just the "set" command, as that would be the most
commonly used one in this context.
-- 
Smoot Carl-Mitchell, CS Dept. University of Texas at Austin
{seismo, ctvax, ihnp4}!ut-sally!smoot, smoot@ut-sally.{ARPA, UUCP}
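
[Added example, not part of the thread and not code from vi: a Python sketch of the "restrict mode lines to set" policy proposed above, applied to the mode line format described in the first post. Treating the last ':' on the line as the trailing one and splitting commands on '|' are assumptions, as are the function names and the constructed passwd entries.]

```python
import re

WINDOW = 5                          # per the first post: first or last 5 lines
MARKER = re.compile(r"(?:vi|ex):")  # per the first post: "vi:" or "ex:", any context

def find_modelines(text):
    """Return [(line_number, command_text)] for lines a mode line scan would pick up."""
    lines = text.splitlines()
    n = len(lines)
    window = sorted(set(range(min(WINDOW, n))) | set(range(max(0, n - WINDOW), n)))
    found = []
    for i in window:
        m = MARKER.search(lines[i])
        if not m:
            continue
        end = lines[i].rfind(":")   # assumption: the trailing ':' is the last one
        if end < m.end():           # marker present but no closing ':' after it
            continue
        found.append((i + 1, lines[i][m.end():end]))
    return found

def audit(text):
    """Split each mode line on '|'; allow a command only if its first word is 'set'."""
    report = []
    for lineno, cmds in find_modelines(text):
        for cmd in cmds.split("|"):
            cmd = cmd.strip()
            word = cmd.split(None, 1)[0] if cmd else ""
            # Everything else (map, '!' escapes, stray text) is rejected.
            report.append((lineno, cmd, "allow" if word == "set" else "reject"))
    return report

# The mode line quoted in the first post, followed by a constructed line of C.
C_FILE = ("/* vi: set autoindent tabstop=4 shiftwidth=4|map! { ^V{^M^D}^[O^I: */\n"
          "int x;\n")
# Constructed passwd entries: the user name "levi" ends in "vi", so "levi:"
# looks like a mode line marker and the rest of the entry like commands.
PASSWD = ("root:Ab1cdEfGhIjkl:0:1:Operator:/:/bin/csh\n"
          "levi:Zy9xwVuTsRqpo:101:10:Levi Example:/usr/levi:/bin/csh\n")

if __name__ == "__main__":
    for name, sample in (("C file", C_FILE), ("passwd", PASSWD)):
        for lineno, cmd, verdict in audit(sample):
            print(f"{name}:{lineno}: {verdict}: {cmd!r}")
```
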

mark@elsie.UUCP (04/20/84)

We have vi under 4.1 bsd. The mode line *does not work* under this version
of vi (version 6.4 according to what). I think it would be a useful feature
to say the least. I frequently want to set special options for different
types of files. By all means, get it debugged and get it documented.

-- 
Mark J. Miller
NIH/NCI/DCE/LEC
UUCP:	decvax!harpo!seismo!rlgvax!cvl!elsie!mark
Phone:	(301) 496-5688

rpw3@fortune.UUCP (04/24/84)

#R:cbosgd:-128100:fortune:2000009:000:1233
fortune!rpw3    Apr 23 19:01:00 1984

Instead of "mode lines", I would prefer what someone else suggested:

	Extend the $HOME/.exrc to include "startup actions" based
	on filename pattern matches, like "*.c) set autoindent"

Whatever you do, make SURE that it is ONLY the person who executes "vi"
that gets to say what it does. This seems to necessarily imply data in a
separate file, probably in $HOME. The use of "./.exrc" is full of more
Trojan Horse problems. Don't include it. But note that the filename
patterns in $HOME/.exrc could include slashes:

	*/man/*)	set para=QSQEBSBELPPPRTIPDSDEFSFE
	*/src/*)	set autoindent showmatch nowrap

That only works if you're OUTSIDE the directory, but using 'csh' patterns,
you could even say

	if($cwd =~ */man/*) set para=QSQEBSBELPPPRTIPDSDEFSFE
	if($cwd =~ */src/*) set autoindent showmatch nowrap

or	if($fullpath =~ ...) ...

The point is, there are LOTS of ways to get the functionality, without
the (1) security problems, and (2) making textfiles suddenly be editor
dependent (I use 'vi' MOST of the time, but also use 'ed', 'screen', etc.).

Rob Warnock

UUCP:	{ihnp4,ucbvax!amd70,hpda,harpo,sri-unix,allegra}!fortune!rpw3
DDD:	(415)595-8444
USPS:	Fortune Systems Corp, 101 Twin Dolphin Drive, Redwood City, CA 94065

lee@west44.UUCP (04/26/84)

Using a shell script to reconfigure vi as you call it doesn't
help when you edit a new file from inside vi. Having some way of
setting different options on editing a new ``type'' of file is a
far better method. H*lls bells I had a hacked up 'ed' which used
to do that! If we had more than 30 free bytes of code space in vi
I'd hack it in myself! (PDP-11/44 in case you're wondering.)
-- 
"The wizard of OS"	Lee McLoughlin	....!ukc!root44!west44!lee
					....!ukc!lmcl