Xref: utzoo unix-pc.bugs:67 unix-pc.sources:178
Path: utzoo!utgpu!watmath!uunet!cos!hqda-ai!icus!limbic!gil
From: gil@limbic.UUCP (Gil Kloepfer Jr.)
Newsgroups: unix-pc.bugs,unix-pc.sources
Subject: FIX-TO-FIX: UNIX-pc vi "modelines" disable patch
Keywords: ah sh*t, I should be more careful
Message-ID: <405@limbic.UUCP>
Date: 29 Nov 88 01:53:08 GMT
Distribution: unix-pc
Organization: ICUS Software Systems, Islip, NY
Lines: 202

My apologies in advance for this.  THIS VERSION OF THE PATCH WORKS!  Lenny
Tropiano (lenny@icus) whom we all know and love for his fine work has a nasty
habit of reversing numbers as he did in a last minute addition to my vi patch
program so that it would work for people who didn't have the encryption set
installed.  Well, his addition messed up the patch for those who DO have
the encryption set installed!  It now works...again, sorry for the wasted
bandwidth.

Again, for those who have seen this for the first time -- this patch disables
the "modelines" option in the UNIX-pc version of vi.  The option allows people
to mail/post/give files which will execute shell commands if edited...and could
cause havoc if abused.  Most people never use the option, so disabling it is
a viable alternative (to bugging AT&T to death).

Again, my apologies.  Please, no flames.  This was all well-intentioned, and
it seems that my double-check of the version of vi saved the day :-)

-------
Gil Kloepfer, Jr.          U-Net: {decuac,boulder,talcott,sbcs}!icus!limbic!gil
ICUS Software Systems      Voice: (516) 968-6860 [H]   (516) 746-2350 x219 [W]
P.O. Box 1                 Internet:  gil@icus.islp.ny.us
Islip Terrace, NY  11752   "Life's a ...  well, you know..."

#! /bin/sh
# This is a shell archive.  Remove anything before this line, then unpack
# it by saving it into a file and typing "sh file".  To overwrite existing
# files, type "sh file -c".  You can also feed this as standard input via
# unshar, or by typing "sh Makefile <<'END_OF_Makefile'
X#
X# Makefile to compile vifix.c  (vi modeline elimination)
X# (c)1988 ICUS Software Systems     UUCP:  ...icus!software
X#
XCFLAGS=-v -O
XLDFLAGS=-s
XLIBS=/lib/crt0s.o /lib/shlib.ifile
X#
Xvifix:  vifix.o
X	@echo "Loading ..."
X	$(LD) $(LDFLAGS) -o vifix vifix.o $(LIBS) 
X	@echo "Copying /usr/bin/vi to current directory ..."
X	@cp /usr/bin/vi .
X	@vifix
X	@echo "Save old version, and copy \"vi\" to /usr/bin"
END_OF_Makefile
if test 399 -ne `wc -c README <<'END_OF_README'
Xvi/ex modeline feature disable patch ... Gil Kloepfer, ICUS Software Systems
X----------------------------------------------------------------------------
X
XThis program and its Makefile are used to disable the modeline feature in
Xvi/ex which can inadvertantly allow malicious users to send "infected" files
Xto privileged users and disrupt system activities.
X
XThe patch is applied by executing the makefile ($ make).  The makefile will
Xcompile the patch program, copy the vi editor executable file into your
Xcurrent directory and apply the patch to this copy.  You should then make
Xa copy of the original vi editor, and copy the new one over the old one.
X
X		# make
X		# cp /usr/bin/vi /usr/bin/vi.OLD
X		# cp ./vi /usr/bin/vi
X
XThanks to Lenny Tropiano for the makefile.  Those who feel more comfortable
Xapplying the patch without any makefiles, the procedure is as follows:
X
X		# cc -v -o vifix vifix.c
X		# cd /usr/bin
X		# cp vi vi.OLD
X		# whatever-path/vifix
X
XThe vifix program will inform you if the version of vi you are fixing is
Xsupported by the patch program.  Note that this message will also appear if
Xthe patch is already applied.
X
XYou can check to see if the patch really worked by editing the file
X"modetest" with this shell archive with vi.  If a bannered word prints
Xout at all, the patch did not successfully take effect.
X
XAny further questions about the patch can be directed to Gil Kloepfer
Xat ...icus!limbic!gil, gil@limbic.UUCP, or gil@icus.islp.ny.us
END_OF_README
if test 1465 -ne `wc -c modetest <<'END_OF_modetest'
Xex:!banner "this":
Xei:!banner "is":
Xvx:!banner "a":
Xvi:!banner "test":
END_OF_modetest
if test 71 -ne `wc -c vifix.c <<'END_OF_vifix.c'
X/*
X * vifix.c
X *
X * Program to patch UNIX-pc (3B1) "vi" editor so that the modeline
X * function is disabled.
X *
X * By Gil Kloepfer, Jr., Lenny Tropiano  ICUS Software Systems   11/26/1988
X * Permission granted to redistribute without profit in the public domain
X * only.  This header must remain in-tact as is.  This program carries
X * no warranties, express or implied, and all consequences resulting from
X * the application of this patch are the sole responsibility of the user.
X *
X * Patch transforms the following byte pattern in vi -- this comment here
X * so that this program could be adapted to a newer version of vi:
X *
X * From:
X *     377 374 112 200 147 000 000 174 040
X * To:
X *     377 374 116 161 140 000 000 174 040
X *
X * This effectively skips over the modeline checking code in the editor.
X */
X
X#define	NONCRYPT	26202L
X#define	CRYPT		26434L
X
X#include 
X
Xmain()
X{
X	char	buffer[3];
X	int	fd;
X
X	if ((fd=open("vi",O_RDWR)) < 0) {
X		perror("open");
X		exit(1);
X	}
X
X	lseek(fd,NONCRYPT,0);		/* check for ENHANCED EDITOR version */
X	if (read(fd,buffer,3) != 3) {
X		perror("read");
X		exit(1);
X	}
X
X	if ((int)buffer[0] != 0112 &&
X	    (int)buffer[1] != 0200 &&
X	    (int)buffer[2] != 0147) {
X		lseek(fd,CRYPT,0);	/* check for ENCRYPTION SET version */
X		if (read(fd,buffer,3) != 3) {
X			perror("read");
X			exit(1);
X		}
X		if ((int)buffer[0] != 0112 &&
X	            (int)buffer[1] != 0200 &&
X	            (int)buffer[2] != 0147) {
X			printf("Version of vi not valid for this patch.\n");
X			exit(1);
X		}
X	}
X
X	lseek(fd,-3L,1);		/* back up pointer 3 bytes */
X	buffer[0]=(char)0116;
X	buffer[1]=(char)0161;
X	buffer[2]=(char)0140;
X	write(fd,buffer,3);
X
X	close(fd);
X	printf("vi modeline elimination patch successfully applied\n");
X	exit(0);
X}
END_OF_vifix.c
if test 1745 -ne `wc -c