Date: Mon, 26 Jul 2004 00:22:15 +0200 From: Nicolas Rachinsky <list@rachinsky.de> To: =?iso-8859-1?Q?Jos=E9?= de Paula <espinafre@gmail.com> Cc: freebsd-hackers@freebsd.org Subject: Re: [PATCH] basic modelines for contrib/nvi Message-ID: <20040725222215.GB33560@pc5.i.0x5.de> In-Reply-To: <5ef8c2f0040725140372d192bb@mail.gmail.com> References: <5ef8c2f004071419517bdc9f3e@mail.gmail.com> <20040718135541.GA28115@gothmog.gr> <5ef8c2f0040718144648b49ff6@mail.gmail.com> <20040719131503.GA12222@stack.nl> <5ef8c2f0040725140372d192bb@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
* José de Paula <espinafre@gmail.com> [2004-07-25 18:03 -0300]: > On Mon, 19 Jul 2004 15:15:04 +0200, Jilles Tjoelker <jilles@stack.nl> wrote: > <snip> > > > > There are some options which can pose a security risk, including but not > > limited to cdpath, tempdir, path and shell. You should make a list of > > "safe" options and only allow those in modelines. > > Thanks for the feedback, stay tuned for nvi modelines improvement! As > soon as I have enough time, I'm going to take some forbidden options > (for now, they are cdpath, directory, shell, backup and path. Please > tell me what other options would be unsafe) and quietly strip them > from the modeline. Please follow the above suggestion and make a list of safe options and disallow everything else. Nicolas
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040725222215.GB33560>