authorTeddy Wing2019-06-16 13:26:22 +0200
committerTeddy Wing2019-06-16 13:26:22 +0200
commita4d85d0f98688b4eb73bcbf1a275eb90c8336e87 (patch)
tree45a5cabcd8f7a2eec99358367ac8bc8dfbd5e079 /vimrc
parent813898fc3527a5b6eb83b993221413e5b3cd0d70 (diff)
vimrc: Disable modelines
Counteract CVE-2019-12735, arbitrary code execution in Vim/Neovim from modelines: https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md Sad to disable something that I use on occasion, but it should be done.
Diffstat (limited to 'vimrc')
-rw-r--r--vimrc7
1 files changed, 7 insertions, 0 deletions
diff --git a/vimrc b/vimrc
index 2044ff6..893061e 100644
--- a/vimrc
+++ b/vimrc
@@ -426,6 +426,9 @@
" 2019.06.07:
" * Move RSpec mappings to ftplugin/ruby.vim.
"
+" 2019.06.16:
+" * Disable modelines for CVE-2019-12735.
+"
" Pathogen
@@ -492,6 +495,10 @@ set backupcopy=yes
" Turn on persistent undo
set undofile
+" CVE-2019-12735
+set modelines=0
+set nomodeline
+
" Disable all default ftplugins
" http://vim.wikia.com/wiki/File_type_plugins#Disabling_default_ftplugins
" http://stackoverflow.com/questions/11337129/setting-buffer-specific-variables-in-vim#comment14956146_11351393
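Review bot: The added comment `" CVE-2019-12735` names the advisory but not what the two settings do or when the block can be reverted, so a later reader cannot tell whether it is still needed. Something like `" CVE-2019-12735: modelines can execute code when a file is opened; keep off until Vim/Neovim is patched` would make that explicit. `set nomodeline` is what stops modeline processing and `set modelines=0` is a second guard, which is worth saying in the same comment so neither line gets dropped as redundant. These are global settings placed mid-file, so anything sourced after this point (a plugin, an ftplugin, a local rc file) could turn `modeline` back on; `:verbose set modeline?` in a running session shows the effective value and where it was last set.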