[669] in linux-security and linux-alert archive
Re: [linux-security] Security problems in RedHat 3.0.3...
daemon@ATHENA.MIT.EDU (Olaf Kirch)
Sat Apr 13 14:59:54 1996
To: linux-security@tarsier.cv.nrao.edu
Cc: G.Wilford@ee.surrey.ac.uk
Date: Sat, 13 Apr 1996 20:31:20 +0200
From: Olaf Kirch <okir@monad.swb.de>
Rogier Wolff wrote:
> [Unverified rumor]
> Ehm.... while on the subject of "man" bugs, man and/or groff will run
> arbitrary programs under specification of the man-page-writer.......
That would be a nasty. groff supports the .sy command to run arbitrary
programs. In combination with being able to do `man ./foo.1' that's a hole
regardless of whether it's setuid or setgid.
I just checked my (admittedly old) man, version 2.2 dated Dec 1994; it does
indeed reset uid, but not the gid.
Olaf
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
For my PGP public key, finger okir@brewhq.swb.de.
