Re: Troff dangerous. (fwd)
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: Troff dangerous. (fwd)
- From: CyberPsychotic <mlists_(_at_)_gizmo_(_dot_)_kyrnet_(_dot_)_kg>
- Date: Wed, 28 Jul 1999 12:17:10 +0600 (KGST)
- Reply-to: fygrave_(_at_)_tigerteam_(_dot_)_net
Maybe it would make sense to turn off all those .opena/.pso/.sy commands in
groff? No piece of the system relies on that so far as I know.
---------- Forwarded message ----------
Date: Mon, 26 Jul 1999 10:42:06 +1200
From: Nic Bellamy <sky_(_at_)_WIBBLE_(_dot_)_NET_(_dot_)_INVALID>
To: BUGTRAQ_(_at_)_SECURITYFOCUS_(_dot_)_COM
Subject: Re: Troff dangerous.
On Sun, 25 Jul 1999, John Robert LoVerso wrote:
> Thus, this affects only systems with groff installed (all Linux and FreeBSD
> systems, at least).
One Linux distribution that doesn't appear to be vulnerable is Debian
(tested on 2.1/slink) - the maintainer of the groff package has made the
-S ("Safer mode") the default, which turns off potentially dangerous
commands like .opena, .pso, etc.
Hopefully this change can make it into the official GNU groff distribution
- as useful as these features may be, I doubt the majority of people use
groff for much more than formatting manpages. Safe defaults are always
good.
I've also checked OpenBSD 2.5 and FreeBSD 3.2 - the groff on both systems
defaults to the unsafe behaviour.
Regards,
Nic.
P.S. My apologies for the From: address mangling - I received far too many
vacation messages and spams last time I posted here.
-- Nic Bellamy <sky_(_at_)_wibble_(_dot_)_net_(_dot_)_invalid>
J. Random Coder.
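
A check for the requests named in this thread, as an added example that is not part of the original messages: it scans troff source (for instance a man page from an untrusted package) for lines that invoke .opena, .pso or .sy. The function name and the sample page are constructed for illustration, and the scan assumes the default control characters (it does not follow a `.cc` change).

```python
import re

# Requests named in the thread as dangerous; per the thread, groff's -S
# ("safer mode") turns them off.
UNSAFE_REQUESTS = ("opena", "pso", "sy")

# A troff request line begins with a control character ('.' or "'"),
# optional blanks, then the request name. The lookahead keeps longer
# names that merely start with "sy" (e.g. ".symbol") from matching.
_REQUEST = re.compile(
    r"^[.'][ \t]*(" + "|".join(UNSAFE_REQUESTS) + r")(?=[ \t]|$)"
)


def find_unsafe_requests(source):
    """Return (line_number, request, line) for each unsafe request found."""
    hits = []
    for number, line in enumerate(source.splitlines(), start=1):
        match = _REQUEST.match(line)
        if match:
            hits.append((number, match.group(1), line))
    return hits


# Constructed sample page (not taken from any real man page).
SAMPLE = "\n".join([
    ".TH EXAMPLE 1",
    ".SH NAME",
    "example - constructed page",
    ".sy date",                           # flagged: runs a command
    ".  pso echo hello",                  # flagged: blanks after the dot
    "'opena log /tmp/example.txt",        # flagged: no-break control char
    ".symbol x",                          # not flagged: different name
    "Prose that mentions .sy mid-line.",  # not flagged: not a request line
])

if __name__ == "__main__":
    for number, request, line in find_unsafe_requests(SAMPLE):
        print(f"line {number}: .{request} -> {line}")
```
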