Xref: utzoo unix-pc.bugs:67 unix-pc.sources:178 Path: utzoo!utgpu!watmath!uunet!cos!hqda-ai!icus!limbic!gil From: gil@limbic.UUCP (Gil Kloepfer Jr.) Newsgroups: unix-pc.bugs,unix-pc.sources Subject: FIX-TO-FIX: UNIX-pc vi "modelines" disable patch Keywords: ah sh*t, I should be more careful Message-ID: <405@limbic.UUCP> Date: 29 Nov 88 01:53:08 GMT Distribution: unix-pc Organization: ICUS Software Systems, Islip, NY Lines: 202 My apologies in advance for this. THIS VERSION OF THE PATCH WORKS! Lenny Tropiano (lenny@icus) whom we all know and love for his fine work has a nasty habit of reversing numbers as he did in a last minute addition to my vi patch program so that it would work for people who didn't have the encryption set installed. Well, his addition messed up the patch for those who DO have the encryption set installed! It now works...again, sorry for the wasted bandwidth. Again, for those who have seen this for the first time -- this patch disables the "modelines" option in the UNIX-pc version of vi. The option allows people to mail/post/give files which will execute shell commands if edited...and could cause havoc if abused. Most people never use the option, so disabling it is a viable alternative (to bugging AT&T to death). Again, my apologies. Please, no flames. This was all well-intentioned, and it seems that my double-check of the version of vi saved the day :-) ------- Gil Kloepfer, Jr. U-Net: {decuac,boulder,talcott,sbcs}!icus!limbic!gil ICUS Software Systems Voice: (516) 968-6860 [H] (516) 746-2350 x219 [W] P.O. Box 1 Internet: gil@icus.islp.ny.us Islip Terrace, NY 11752 "Life's a ... well, you know..." #! /bin/sh # This is a shell archive. Remove anything before this line, then unpack # it by saving it into a file and typing "sh file". To overwrite existing # files, type "sh file -c". You can also feed this as standard input via # unshar, or by typing "shMakefile <<'END_OF_Makefile' X# X# Makefile to compile vifix.c (vi modeline elimination) X# (c)1988 ICUS Software Systems UUCP: ...icus!software X# XCFLAGS=-v -O XLDFLAGS=-s XLIBS=/lib/crt0s.o /lib/shlib.ifile X# Xvifix: vifix.o X @echo "Loading ..." X $(LD) $(LDFLAGS) -o vifix vifix.o $(LIBS) X @echo "Copying /usr/bin/vi to current directory ..." X @cp /usr/bin/vi . X @vifix X @echo "Save old version, and copy \"vi\" to /usr/bin" END_OF_Makefile if test 399 -ne `wc -c README <<'END_OF_README' Xvi/ex modeline feature disable patch ... Gil Kloepfer, ICUS Software Systems X---------------------------------------------------------------------------- X XThis program and its Makefile are used to disable the modeline feature in Xvi/ex which can inadvertantly allow malicious users to send "infected" files Xto privileged users and disrupt system activities. X XThe patch is applied by executing the makefile ($ make). The makefile will Xcompile the patch program, copy the vi editor executable file into your Xcurrent directory and apply the patch to this copy. You should then make Xa copy of the original vi editor, and copy the new one over the old one. X X # make X # cp /usr/bin/vi /usr/bin/vi.OLD X # cp ./vi /usr/bin/vi X XThanks to Lenny Tropiano for the makefile. Those who feel more comfortable Xapplying the patch without any makefiles, the procedure is as follows: X X # cc -v -o vifix vifix.c X # cd /usr/bin X # cp vi vi.OLD X # whatever-path/vifix X XThe vifix program will inform you if the version of vi you are fixing is Xsupported by the patch program. Note that this message will also appear if Xthe patch is already applied. X XYou can check to see if the patch really worked by editing the file X"modetest" with this shell archive with vi. If a bannered word prints Xout at all, the patch did not successfully take effect. X XAny further questions about the patch can be directed to Gil Kloepfer Xat ...icus!limbic!gil, gil@limbic.UUCP, or gil@icus.islp.ny.us END_OF_README if test 1465 -ne `wc -c modetest <<'END_OF_modetest' Xex:!banner "this": Xei:!banner "is": Xvx:!banner "a": Xvi:!banner "test": END_OF_modetest if test 71 -ne `wc -c vifix.c <<'END_OF_vifix.c' X/* X * vifix.c X * X * Program to patch UNIX-pc (3B1) "vi" editor so that the modeline X * function is disabled. X * X * By Gil Kloepfer, Jr., Lenny Tropiano ICUS Software Systems 11/26/1988 X * Permission granted to redistribute without profit in the public domain X * only. This header must remain in-tact as is. This program carries X * no warranties, express or implied, and all consequences resulting from X * the application of this patch are the sole responsibility of the user. X * X * Patch transforms the following byte pattern in vi -- this comment here X * so that this program could be adapted to a newer version of vi: X * X * From: X * 377 374 112 200 147 000 000 174 040 X * To: X * 377 374 116 161 140 000 000 174 040 X * X * This effectively skips over the modeline checking code in the editor. X */ X X#define NONCRYPT 26202L X#define CRYPT 26434L X X#include X Xmain() X{ X char buffer[3]; X int fd; X X if ((fd=open("vi",O_RDWR)) < 0) { X perror("open"); X exit(1); X } X X lseek(fd,NONCRYPT,0); /* check for ENHANCED EDITOR version */ X if (read(fd,buffer,3) != 3) { X perror("read"); X exit(1); X } X X if ((int)buffer[0] != 0112 && X (int)buffer[1] != 0200 && X (int)buffer[2] != 0147) { X lseek(fd,CRYPT,0); /* check for ENCRYPTION SET version */ X if (read(fd,buffer,3) != 3) { X perror("read"); X exit(1); X } X if ((int)buffer[0] != 0112 && X (int)buffer[1] != 0200 && X (int)buffer[2] != 0147) { X printf("Version of vi not valid for this patch.\n"); X exit(1); X } X } X X lseek(fd,-3L,1); /* back up pointer 3 bytes */ X buffer[0]=(char)0116; X buffer[1]=(char)0161; X buffer[2]=(char)0140; X write(fd,buffer,3); X X close(fd); X printf("vi modeline elimination patch successfully applied\n"); X exit(0); X} END_OF_vifix.c if test 1745 -ne `wc -c