[PATCH] basic modelines for contrib/nvi
Nicolas Rachinsky
list at rachinsky.de
Sun Jul 25 15:22:20 PDT 2004
* José de Paula <espinafre at gmail.com> [2004-07-25 18:03 -0300]:
> On Mon, 19 Jul 2004 15:15:04 +0200, Jilles Tjoelker <jilles at stack.nl> wrote:
> <snip>
> >
> > There are some options which can pose a security risk, including but not
> > limited to cdpath, tempdir, path and shell. You should make a list of
> > "safe" options and only allow those in modelines.
>
> Thanks for the feedback, stay tuned for nvi modelines improvement! As
> soon as I have enough time, I'm going to take some forbidden options
> (for now, they are cdpath, directory, shell, backup and path. Please
> tell me what other options would be unsafe) and quietly strip them
> from the modeline.
Please follow the above suggestion and make a list of safe options and
disallow everything else.
Nicolas
More information about the freebsd-hackers
mailing list