Xref: utzoo news.sysadmin:1779 comp.unix.wizards:13099
Path: utzoo!utgpu!watmath!clyde!att!rutgers!mailrus!ames!haven!decuac!hadron!jsdy
From: jsdy@hadron.UUCP (Joseph S. D. Yao)
Newsgroups: news.sysadmin,comp.unix.wizards
Subject: Re: Trojan horse possible with news readers
Summary: One fix ...
Message-ID: <817@hadron.UUCP>
Date: 2 Dec 88 16:38:05 GMT
References: <6775@rosevax.Rosemount.COM>
Reply-To: jsdy@hadron.UUCP (Joseph S. D. Yao)
Organization: Hadron, Inc., Fairfax, VA
Lines: 21
In article <6775@rosevax.Rosemount.COM> merlyn@ernie.rosemount.com writes:
> ... some versions of vi will execute
>commands if it sees a line (near the top or bottom of a file)
>of the form <:><:>
System V Release 3 has a "modelines" attribute, which defaults to
"nomodelines". This is a Very Good Idea (defaulting to off).
I have added other necessary fixes. The check is, roughly, to find
the first ':' and then check for the previous two characters' match
with "ex" or "vi". The necessary fixes are:
(1) Check that the ':' is not one of the first two
characters, otherwise you will be checking against
non-existent characters on that line.
(2) Check that either the ':' is exactly the third
character on the line, or that the third character
back isspace(). Otherwise, lines like:
levi:PASSWORD DELETED:Dolly Levi of Upstate NY:/usr/levi:/match
will trigger the "feature".
Joe Yao uunet!hadron!jsdy