[11131] in bugtraq
Re: Troff dangerous.
daemon@ATHENA.MIT.EDU (Pavel Kankovsky)
Mon Jul 26 20:40:50 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <19990725151346.1371.0@bobanek.nowhere.cz>
Date: Sun, 25 Jul 1999 15:48:25 +0200
Reply-To: Pavel Kankovsky <peak@ARGO.TROJA.MFF.CUNI.CZ>
From: Pavel Kankovsky <peak@ARGO.TROJA.MFF.CUNI.CZ>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <19990723221642.A15331@szarik>
On Fri, 23 Jul 1999, Pawel Wilk wrote:
> If you want your system safe,
> don't look as root
> at manual page.
The dangerous instructions (.pso, .open/.opena) are probably GNU
troff (aka groff) specific. Little (if any) functionality would be
lost if the were removed for the sake of safety.
Nevertheless, this does not imply other implementations must be
absolutely safe: for example, there are probably ways to abuse .so as
well (.so /dev/zero, .so /dev/kmem, .so some-system-fifo...).
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
