Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Simple: Modelines come from a time before we understood that ordinary user applications working with ordinary files needed to be engineered securely.


I think you missed my question :)

I understand the security concerns (arbitrary code execution just by loading an arbitrary file into vim).

My question was: this issue was caught, diagnosed, widely publicised and the configuration fix for it was widely deployed - nearly 15 (fifteen!) years ago.

So why is it cropping up as a "new" security issue now?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: