| ▲ | lloeki 9 hours ago | |
> We asked Claude to find a bug in Vim. It found an RCE. Just open a file, and you’re owned. Yeah reading the above opening paragraph I was immediately going "oh Claude found out about modelines" modelines are largely considered a (roundabout) equivalent to flat out eval, There's a reason plugins such as securemodelines exist: | ||
| ▲ | johnisgood 8 hours ago | parent [-] | |
Right. I am surprised to see this considered to be an RCE. Or a "mad bug" worthy of being here on HN. sighs. Pretty sure a lot of people have spent lots of tokens into finding RCEs in vim and emacs, he is not the first person to do this. | ||