[11128] in bugtraq
Re: Troff dangerous.
daemon@ATHENA.MIT.EDU (Jason Thorpe)
Mon Jul 26 18:39:43 1999
Message-Id: <199907252027.NAA29991@lestat.nas.nasa.gov>
Date: Sun, 25 Jul 1999 13:27:44 -0700
Reply-To: Jason Thorpe <thorpej@nas.nasa.gov>
From: Jason Thorpe <thorpej@NAS.NASA.GOV>
X-To: fygrave@tigerteam.net
To: BUGTRAQ@SECURITYFOCUS.COM
On Sun, 25 Jul 1999 17:29:56 +0600
CyberPsychotic <mlists@GIZMO.KYRNET.KG> wrote:
> ~ If you want your system safe,
> ~ don't look as root
> ~ at manual page.
> ~
>
> with accurately set permissions for man page directories, non-privileged
> users shouldn't be able to add manual pages to the system (if they are
> able to, system is whacked anyway), so I take this threat merely as
> another trojan possibility - quite uncommon one indeed.
The trick is that it can get you if you as a system administrator download
some open source program from the Internet, and build and install that
program; such activity often happens as "root", so a couple of scenarios
are possible:
(1) Root installs the malicious roff source unknowingly.
(2) During the process of building/installing the program, groff
is invoked as root to create a pre-formatted version of
the manual page (a "cat page"), at which point the trojan
horse does it dirty work.
-- Jason R. Thorpe <thorpej@nas.nasa.gov>
