Vi Input Manager

you vi user out there might also want to check out viAllOver, http://www.dabble.org/viallover/. does the same thing as the above mentioned, just a little differently. just released a new version witch adds find, line find, undo, and visual mode to name a few. quite handy, u use it everyday. enjoy.

This implements such a simplistic subset of functionality as to be pointless. Everything you can use it for has an easy and obvious existing shortcut without the pointless modality. All it’s doing is changing the existing keybindings when you enter command mode. It implements no new functionality.

This isn’t even a ghost’s shadow of vi.

The source code is available....you can check yourself for some malicious code.

Ah, there was a nice day when people trusted each other.

All security concerns aside this is amazing, I am a huge vi user and this could make my life so much better.

do NOT "close" inputmanagers

I use it from Nextstep era and I love it.


just put security in Mail, in Login, in Safari, in whatever to prevent anything beyond ME to put some code in ~/Library/InputManagers

you should also think every cocoa applications use a runtime with introspection and class loaders. yes you could put in there some Bad Bad ugly bad software stuff..

in ~/Library/codecs too, to crash quicktime

in fact, if someone got in the computer with yours privileges you're dead. whatever you "close", it will open

so : do NOT DARE to remove theses functionnalities , or I go back to linux so fast you will not see my blaze.

just : continue on the good work to keep os X secure.

people : do not never "install" or put files in weird directories if you do not have _absolute_ trust.

never and never.

Vi this, emacs that...us poor pico slackers can't get a break, en ? ;-)

Even without the ‘Input Manager Hole’ there are plenty of ways to get your dylib loaded along with applications on pretty much any UNIX-based system. The bottom line is that once you have let a piece of code onto your system and run it, you've already placed the trust in it. Closing these alleged holes doesn't actually solve anything, because in order to take advantage of them you must already have the same degree of privilege that you require in order to do any damage.

(By this classification of a hole, Solaris, Linux and the BSDs are all ‘vulnerable’).

Ah, yes, the InputManager functionality, otherwise known as the InputManagers Hole.

The InputManagers Hole was used by Inqtana and by Leap-A. Kevin Finisterre warned Apple about it so long ago it's just not funny;

http://digitalmunition.com/InqTanaThroughTheEyes.txt

The "functionality' should not be there. It's damn dangerous. And if it stays then sooner or later something will use it -- not for an intentionally harmless POC like Inqtana but in earnest.

wow I really have to test this, but if it works as advertised, it's really helpful for me.