[11140] in bugtraq
Re: Troff dangerous.
daemon@ATHENA.MIT.EDU (Olaf Kirch)
Tue Jul 27 02:29:37 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19990726123622.A11860@monad.swb.de>
Date: Mon, 26 Jul 1999 12:36:22 +0200
Reply-To: Olaf Kirch <okir@MONAD.SWB.DE>
From: Olaf Kirch <okir@MONAD.SWB.DE>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <19990725011311.A21804@distorted.mu.shrooms.com>; from Julian
Squires on Sun, Jul 25, 1999 at 01:13:11AM -0218

On Sun, Jul 25, 1999 at 01:13:11AM -0218, Julian Squires wrote:
> Redhat 5.2 is vulnerable. Both Debian slink and potato are not. Both
> use groff 1.11a, but Debian's is patched. It appears that stock groff
> 1.11a is vulnerable, probably any older groff, as well.

I forgot this in my previous message to bugtraq, but there's of course
a way to disable these macros, which is by adding -msafer to the groff
command line (e.g. in /etc/man.conf or wherever your man config lives).
The tmac.safer package simply removes the offending commands and replaces
them with something that prints a warning. For those who can read troff:

.rm open opena pso sy pi
.de unsafe
.tm \\n(.F:\\n(.c: unsafe to execute request `\\$1'
..
.als open unsafe
.als opena unsafe
.als pso unsafe
.als sy unsafe
.als pi unsafe

Olaf
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@caldera.de +-------------------- Why Not?! -----------------------
UNIX, n.: Spanish manufacturer of fire extinguishers.
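
Added example (not part of the original message and not groff code): a small Python audit that reports where a troff source uses one of the five requests that tmac.safer removes, which helps when reviewing man pages on a system whose groff is not yet run with -msafer. The function name and the sample input are constructed for illustration; the check is a heuristic that assumes the default control characters and no compatibility mode.

```python
import re

# Requests removed by tmac.safer (the ".rm" line quoted in the message).
UNSAFE = {"open", "opena", "pso", "sy", "pi"}

# Request line: control character (. or '), optional blanks, name, arguments.
# Comment lines (.\") do not match because a name cannot start with "\".
REQUEST = re.compile(r"^[.'][ \t]*([^\s\\]+)[ \t]*(.*)$")

def find_unsafe_requests(text):
    """Return (line_no, name, line) for each use of an unsafe request.

    Names bound to an unsafe request via .als or .rn are tracked as well.
    """
    unsafe = set(UNSAFE)
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        m = REQUEST.match(line)
        if not m:
            continue  # ordinary text line or comment
        name, args = m.group(1), m.group(2).split()
        if name == "als" and len(args) >= 2 and args[1] in unsafe:
            unsafe.add(args[0])      # .als new old
        elif name == "rn" and len(args) >= 2 and args[0] in unsafe:
            unsafe.add(args[1])      # .rn old new
        elif name in unsafe:
            hits.append((no, name, line))
    return hits

# Constructed sample input, not a real man page.
SAMPLE = r'''.\" constructed sample
.TH DEMO 1
.SH NAME
demo \- sample page
.sy echo hello
. pso date
.als xx sy
.xx echo hello
Text that mentions .sy in the middle of a line is not a request.
'''

if __name__ == "__main__":
    for no, name, line in find_unsafe_requests(SAMPLE):
        print(f"line {no}: request '{name}': {line}")
```

The tmac.safer lines quoted in the message produce no hits, since they only remove the requests and alias their names to the warning macro.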