From a4d85d0f98688b4eb73bcbf1a275eb90c8336e87 Mon Sep 17 00:00:00 2001
From: Teddy Wing
Date: Sun, 16 Jun 2019 13:26:22 +0200
Subject: vimrc: Disable modelines

Counteract CVE-2019-12735, arbitrary code execution in Vim/Neovim from modelines:
https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
Sad to disable something that I use on occasion, but it should be done.
---
 vimrc | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'vimrc')
diff --git a/vimrc b/vimrc
index 2044ff6..893061e 100644
--- a/vimrc
+++ b/vimrc
@@ -426,6 +426,9 @@
 " 2019.06.07:
 " * Move RSpec mappings to ftplugin/ruby.vim.
 "
+" 2019.06.16:
+" * Disable modelines for CVE-2019-12735.
+"
 " Pathogen
@@ -492,6 +495,10 @@ set backupcopy=yes
 " Turn on persistent undo
 set undofile
+" CVE-2019-12735
+set modelines=0
+set nomodeline
+
 " Disable all default ftplugins
 " http://vim.wikia.com/wiki/File_type_plugins#Disabling_default_ftplugins
 " http://stackoverflow.com/questions/11337129/setting-buffer-specific-variables-in-vim#comment14956146_11351393
--
cgit v1.2.3
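Review bot: The `set modelines=0` / `set nomodeline` pair added after `set undofile` in the second hunk only holds if nothing sourced later turns modelines back on. The rest of the vimrc is outside the hunk, so a later `set nocompatible`, a plugin or an ftplugin could restore the default unnoticed. It is worth confirming in a running session with `:verbose set modeline? modelines?`, which also reports the script that last set each option. The comment `" CVE-2019-12735` gives the reason but not the exit condition; something like `" Modelines off for CVE-2019-12735 (code execution via modeline); revisit once Vim/Neovim is on a fixed release` would tell a later reader when the workaround can be dropped. Turning modelines off is a mitigation, so updating the editor to a release that carries the upstream fix is still needed.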