modelines for ~root being ignored


Linda W

Nov 3, 2008, 4:54:00 PM
to Vim Users
I'm running a SuSE system 10.3 and am wondering if they
corrupted vim or if there is some other logical reason why
root can't read modelines.

I use modelines in my system config files to change defaults.
I know that at some point a default line of
set modelines=0 was set near the end of /etc/vimrc

I commented it out (1st), and later tried explicitly setting it
to the default (5).

I have the same .vimrc, in my ~root as in my ~user dir.
I EVEN set HOME (for root) = ~user, and ran vim so it would
use my ~user settings -- it DID, at least use the .viminfo, since
when I opened my testfile
(created testfile /tmp/syslog -- a copy of a logrotate.d/<configfile>)

The 1st modeline I tried was
# vim: ts=4:sw=4
I later changed the last 3 lines in the file to:
# vi: ts=4:sw=4
# vim: ts=4:sw=4
# gvim: ts=4:sw=4

Any way I try it, the user signon does read the modeline, but root
will not.

I don't remember this always being the case -- as I use modelines
in config files, often, to reset tabstops...

Is there something I'm missing somewhere? I have added explicit
set modelines=5 to both my system /etc/vimrc
and root's .vimrc, yet they are ignored.

I've looked through the standard vim directories for anything that might
be setting (or resetting) modelines, (ran vim -V10 to see all files it read in,
and I think I checked all the file dirs it looked into or ran files from).

Any ideas?
Supposedly, modelines can allow execution of external scripts which can
launch commands - possibly compromising security, but at least if the
file is owned by root it shouldn't be ignoring modelines --
If arbitrary commands can be run from modelines, I can just as easily
be running a syslog-command about each system-config file that is
edited, into the syslog -- in which case, turning off modelines would
simply turn off my default security logging (regardless of how great
that would be for some OTHER system's security policy)...

I'm wanting to extract hairs from painful parts of my body (or maybe
painful parts of whoever caused this, if it's not some "stupo" on my part
:-))...

Help?


Anton Sharonov

Nov 3, 2008, 5:03:07 PM
to vim...@googlegroups.com
What you need is rather 'modeline' and not 'modelines'

from :help 'modeline':
*'modeline'* *'ml'* *'nomodeline'* *'noml'*
'modeline' 'ml' boolean (Vim default: on (off for root),
Vi default: off)
local to buffer
*'modelines'* *'mls'*

It means 'modeline' is off for root by default.

--
Anton

2008/11/3, Linda W <v...@tlinx.org>:

Linda W

Nov 3, 2008, 6:04:26 PM
to vim...@googlegroups.com
Anton Sharonov wrote:
> What you need is rather 'modeline' and not 'modelines'
>
> from :help 'modeline':
> *'modeline'* *'ml'* *'nomodeline'* *'noml'*
> 'modeline' 'ml' boolean (Vim default: on (off for root),
> Vi default: off)
> local to buffer
> *'modelines'* *'mls'*
>
> It means 'modeline' is off for root by default.
---
Wow, thanks....that's really _obscure_. Is that something
that's changed in the past few versions...say 7.0 or 6.x series?

I thought the way to turn off modelines was set modelines=0

This is even what the comment lines in the SuSE /etc/vimrc indicate
(i.e. these are the last lines of the default SuSE /etc/vimrc):

" Changed default required by SuSE security team--be aware if enabling this
" that it potentially can open for malicious users to do harmful things.
set modelines=0

" get easier to use and more user friendly vim defaults
" /etc/vimrc ends here

John Beckett

Nov 3, 2008, 6:47:05 PM
to vim...@googlegroups.com
Linda W wrote:
> I thought the way to turn off modelines was set modelines=0

From ":help 'modeline'" we learn that there are two options controlling modelines;
you need to enable both of them to enable modelines. I believe that has been the
case for a long time:

If 'modeline' is on 'modelines' gives the number of lines that is
checked for set commands.
If 'modeline' is off or 'modelines' is zero no lines are checked.

Patch 7.0.237 changed Vim so the default for 'modeline' is off when running as root.

I would worry about running as root with modelines enabled. Autocommands or
filetypes perhaps could set the options you want (I would just map a key or make a
command so I could easily set the options when wanted).

John
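
John's suggestion above (autocommands, or a command or mapping, in place of modelines for root), sketched as an added example that is not part of any message in this thread. The /etc/logrotate.d/ path, the augroup and command names and the <F9> key are assumptions.

```vim
" Added example for root's ~/.vimrc (not from any message in this thread).
" Assumed names: the augroup name, :Tab4, :ModelineWho, and the <F9> key.

" Keep modeline processing off for root and say so explicitly. Either
" setting alone is enough: 'nomodeline' or 'modelines=0' disables the check.
set nomodeline modelines=0

if has('autocmd')
  augroup root_config_indent
    " Clear the group so re-sourcing the vimrc does not stack duplicates.
    autocmd!
    " Same effect as the modeline '# vim: ts=4:sw=4', but chosen by file
    " path in root's own vimrc instead of by text inside the file.
    " Assumed location of the logrotate snippets: /etc/logrotate.d/
    autocmd BufReadPost,BufNewFile /etc/logrotate.d/* setlocal tabstop=4 shiftwidth=4
  augroup END
endif

" On-demand version for any other buffer: a command plus a key mapping.
command! Tab4 setlocal tabstop=4 shiftwidth=4
nnoremap <F9> :Tab4<CR>

" Show the current values and which script last set them.
command! ModelineWho verbose set modeline? modelines?
```

Running :ModelineWho in the root session shows whether /etc/vimrc, ~/.vimrc or the built-in default is responsible for the value in effect.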

Tony Mechelynck

Nov 3, 2008, 8:20:56 PM
to vim...@googlegroups.com
On 03/11/08 22:54, Linda W wrote:
> I'm running a SuSE system 10.3 and am wondering if they
> corrupted vim or if there is some other logical reason why
> root can't read modelines.

'modeline' (singular), a Boolean option, defaults to off for root, see
":help 'modeline'".

Some people pretend that letting root use modelines is a security hole.
In the course of my use of Vim, I've seen many such supposed "holes"
plugged by disabling some options in modelines, and sandboxing others. I
don't think such a security hole, if there still is any, would remain
open any significant length of time after being discovered -- but maybe
I'm too optimistic there. Of course, no modelines also mean no help
syntax highlighting and no help hotlinking -- among other things.

Here's what I have in my vimrc about the use of modelines:

    if exists("+modelines")
        " the following is required because of SuSE's paranoid /etc/vimrc
        " and to force 'modeline' on even for root in Vim 7.0.237 and later
        set modeline modelines=5
        " the following disables a dangerous modeline in one helpfile
        if has ('autocmd')
            au BufReadPost ada.txt setl nomodeline ft=help
        endif
    endif


Best regards,
Tony.
--
Hain't we got all the fools in town on our side? And hain't that a big
enough majority in any town?
-- Mark Twain, "Huckleberry Finn"

sc

Nov 3, 2008, 10:54:10 PM
to vim...@googlegroups.com
On Monday 03 November 2008 7:20 pm, Tony Mechelynck wrote:
[snip]

> Here's what I have in my vimrc about the use of modelines:
>
>     if exists("+modelines")
>         " the following is required because of SuSE's paranoid /etc/vimrc
>         " and to force 'modeline' on even for root in Vim 7.0.237 and later
>         set modeline modelines=5
>         " the following disables a dangerous modeline in one helpfile
>         if has ('autocmd')
>             au BufReadPost ada.txt setl nomodeline ft=help
>         endif
>     endif

tony--

if I'm not mistaken the problem modeline in ada.txt was de-problemized
some time ago -- I do believe the above autocmd is no longer necessary

a quick peek shows

vim: textwidth=78 nowrap tabstop=8 shiftwidth=4 softtabstop=4 noexpandtab
vim: filetype=help

at the end of that module -- no more encoding gotcha

sc

Tony Mechelynck

Nov 4, 2008, 7:11:48 AM
to vim...@googlegroups.com

It's possible, I haven't changed that part of my vimrc recently.

Best regards,
Tony.
--
Vital papers will demonstrate their vitality by spontaneously moving
from where you left them to where you can't find them.
