ramses0 3 days ago

vim used to have similar vulnerabilities (maybe still does?) via modelines:

https://security.stackexchange.com/questions/36001/vim-model...

https://lwn.net/Articles/20249/

Circa 2002-2003, and the LWN comment describing the exact same scope:

"""emacs is the same, if not worse. (See the node File Variables in the info docs.) You get not only to set random buffer-local variables, but also to evaluate arbitrary lisp code. Ouch!"""

Ferret7446 2 days ago

At least for file variables, Emacs prompts before loading untrusted values.

nicce 3 days ago

Someone took the first tomato!

ramses0 3 days ago

I'm firmly in the vim camp, just wanting to share the history, utterly surprised (but not...) that it's ~25+ years in the making.

Funny story once checking a bug report, OG founder of the company dropped in: "I like to check in on my bug reports every 10 years..."

It's not just an open-source issue, hard decisions are hard decisions.