[conspire] (forw) Re: [GoLugTech] Fw: [PLUG] vim and neovim bug
Rick Moen
rick at linuxmafia.com
Thu Jun 13 16:41:54 PDT 2019
----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----
Date: Thu, 13 Jun 2019 16:40:57 -0700
From: Rick Moen <rick at linuxmafia.com>
To: tech at golug.org
Subject: Re: [GoLugTech] Fw: [PLUG] vim and neovim bug
Organization: If you lived here, you'd be $HOME already.
Quoting Steve Litt via Tech (tech at golug.org):
> This doesn't sound good:
> https://threatpost.com/linux-command-line-editors-high-severity-bug/145569/
Rule of thumb: If you're never going to use a feature in public-facing
software, turn it off. I have no use for modeline support, do you?
https://www.techrepublic.com/blog/it-security/turn-off-modeline-support-in-vim/
Locally:
:r! grep modeline .vimrc
set nomodeline
Back when I ran Ops for a merchant bank operation (my firm's
subsidiary that did online credit-card processing), I basically
had to read CVEs as part of my job (to pass PCI DSS auditing every three
months), and I can't tell you how many CVEs we just didn't have to worry
about because it was an attack against some baroque software feature
we'd already disabled.
----- End forwarded message -----
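
The grep check in the message above, extended into a small audit function; this is an added example, not part of the original message. The function name `modeline_state` is hypothetical, and the function reads only plain `set` lines in the file it is given (toggles such as `set modeline!` or `set invmodeline` are not interpreted).

```sh
#!/bin/sh
# Added example: report whether a vimrc disables Vim's modeline feature.
# modeline_state is a hypothetical helper name, not a Vim or distro tool.
#
# Prints one word:
#   off    - "set nomodeline" (or "noml") is the last word on the option,
#            or modelines/mls is set to 0, so no lines are scanned
#   on     - the file explicitly enables modeline and does not zero modelines
#   unset  - the file does not decide; Vim's default or a system-wide
#            vimrc applies
# Exit status is 0 only for "off", so it can gate a config check.
modeline_state() {
    [ -r "$1" ] || { echo unset; return 2; }
    state=$(awk '
        $1 ~ /^"/ { next }                      # full-line vimrc comment
        $1 ~ /^:?(set|se|setlocal|setglobal)$/ {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^"/) break            # trailing comment starts here
                if ($i == "modeline" || $i == "ml") ml = "on"
                else if ($i == "nomodeline" || $i == "noml") ml = "off"
                else if ($i ~ /^(modelines|mls)=/) {
                    v = $i
                    sub(/^[^=]*=/, "", v)       # keep the value after "="
                    zero = (v + 0 == 0)         # modelines=0 scans no lines
                }
            }
        }
        END {
            if (ml == "off" || zero) print "off"
            else if (ml == "on")     print "on"
            else                     print "unset"
        }' "$1")
    printf '%s\n' "$state"
    [ "$state" = off ]
}
```

Run it as `modeline_state ~/.vimrc` and again on any system-wide vimrc; a later `set modeline` in another sourced file can re-enable the feature, which a single-file grep will not show.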