From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 25343 invoked by alias); 17 Sep 2014 13:02:59 -0000 Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-patches-owner@gcc.gnu.org Received: (qmail 25332 invoked by uid 89); 17 Sep 2014 13:02:59 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.2 X-HELO: gate.crashing.org Received: from gate.crashing.org (HELO gate.crashing.org) (63.228.1.57) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-SHA encrypted) ESMTPS; Wed, 17 Sep 2014 13:02:57 +0000 Received: from gate.crashing.org (localhost.localdomain [127.0.0.1]) by gate.crashing.org (8.14.1/8.13.8) with ESMTP id s8HD1fgg013082; Wed, 17 Sep 2014 08:01:42 -0500 Received: (from segher@localhost) by gate.crashing.org (8.14.1/8.14.1/Submit) id s8HD1enj013080; Wed, 17 Sep 2014 08:01:40 -0500 Date: Wed, 17 Sep 2014 13:02:00 -0000 From: Segher Boessenkool To: Trevor Saunders Cc: Yury Gribov , GCC Patches , Laurynas Biveinis , Jeff Law , Richard Biener , Bernhard Reutner-Fischer , Mike Stump Subject: Re: [PATCHv3] Vimrc config with GNU formatting Message-ID: <20140917130139.GA10401@gate.crashing.org> References: <540863C1.4000909@samsung.com> <54100735.5040700@samsung.com> <541867A2.6020405@samsung.com> <20140916215858.GA20924@tsaunders-iceball.corp.tor1.mozilla.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20140916215858.GA20924@tsaunders-iceball.corp.tor1.mozilla.com> User-Agent: Mutt/1.4.2.3i X-IsSubscribed: yes X-SW-Source: 2014-09/txt/msg01357.txt.bz2 On Tue, Sep 16, 2014 at 05:58:58PM -0400, Trevor Saunders wrote: > fwiw, I think enabling it by default especially when that really means > enable it if you've enabled the localrc plugin makes sense. Enabling it by default means enabling it for all users. That is a really really bad plan; many of the options this script sets are user preferences. You can make Vim automatically adapt settings, but you cannot make the Vim user adapt to that. Of course Vim won't use this script by default anyway. It would be nice if there was some "modeline for this whole subtree" mechanism, but there is not. > I don't see > how you can enable the localrc plugin and then complain when people use > it for its designed purpose. Sure. If you have the localrc thing installed, anyone who can write files you can read can make your vim do *anything* (and I mean *anything*). It is a security disaster, that is, there is no security at all. It runs any script in the path from the file you open up to the root. There is no confirmation asked, no whitelist, no blacklist, no nothing. And no sandboxing either, of course. Did I mention /tmp? And writing to files? Or just opening a shell. The possibilities are endless! We should not encourage people to install this. Running it is reckless; telling other people to run it is irresponsible. > However something in contrib/ is probably > easier for new people to find than something on the wiki or something so > better than doing nothing :) Yup, just a bunch of recommended settings somewhere easy to find in contrib/ should be quite helpful to many people. Segher