http://www.guninski.com/vim1.html

<QUOTE>
Description: Opening a specially crafted text file with vim can execute arbitrary shell commands and pass parameters to them. Some exploit scenarios include mail user agents which use vim as editor (mutt) or examining log files with vim. The malicious text should be near the beginning or the end of the file which mitigates the risk.
Details: The problem is so-called modelines, which can execute some commands in vim, though they are intended to be sandboxed.
</QUOTE>

The cure is to put "set modelines=0" in ~/.vimrc or /etc/vim/vimrc.

Is the cure worse than the disease?

-- 
Ron Johnson, Jr.     mailto:[EMAIL PROTECTED]
Jefferson, LA  USA   http://members.cox.net/ron.l.johnson

"Basically, I got on the plane with a bomb. Basically, I
tried to ignite it. Basically, yeah, I intended to damage
the plane."
    RICHARD REID, who tried to blow up American Airlines
    Flight 63
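An added example (not part of the original message or the advisory): a pre-open check that reports modeline candidates in the first and last lines of a file, the region the advisory says matters. The function name, the regular expression (a conservative approximation of Vim's modeline syntax) and the sample text are assumptions constructed here; 5 is Vim's default value for 'modelines'.

```python
import re
import sys

# Conservative approximation of Vim's modeline trigger: "vi:", "vim:"/"Vim:"
# (optionally with a version, e.g. "vim700:" or "vim>700:") or "ex:", at the
# start of the line or after whitespace. Over-matching is acceptable here.
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<=>]?\d*)?|ex):")


def find_modelines(text, modelines=5):
    """Return [(line_number, line)] for modeline candidates located in the
    first or last `modelines` lines, the only lines Vim inspects.
    modelines=0 mirrors "set modelines=0": nothing is inspected."""
    if modelines <= 0:
        return []
    lines = text.splitlines()
    total = len(lines)
    head = range(0, min(modelines, total))
    tail = range(max(total - modelines, 0), total)
    hits = []
    for idx in sorted(set(head) | set(tail)):  # dedupe on short files
        if MODELINE_RE.search(lines[idx]):
            hits.append((idx + 1, lines[idx]))
    return hits


# Constructed 20-line sample with two harmless modelines: one on line 10
# (outside the default window) and one on line 20 (inside it).
SAMPLE = "\n".join(
    ["Subject: build log"]
    + [f"line {i}" for i in range(2, 10)]
    + ["# vim: set ts=8:"]
    + [f"line {i}" for i in range(11, 20)]
    + ["/* vim: set ts=4 sw=4 et: */"]
)

if __name__ == "__main__":
    # Usage: python script.py FILE...  (prints candidates before you open them)
    for path in sys.argv[1:]:
        with open(path, errors="replace") as fh:
            for lineno, line in find_modelines(fh.read()):
                print(f"{path}:{lineno}: {line}")
```
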