[11172] in bugtraq
Re: Troff dangerous.
daemon@ATHENA.MIT.EDU (Dmitry Yu. Bolkhovityanov)
Wed Jul 28 22:26:38 1999
Message-Id: <68DE8DD3C40@csd.inp.nsk.su>
Date: Wed, 28 Jul 1999 12:15:59 +0700
Reply-To: "Dmitry Yu. Bolkhovityanov" <D.Yu.Bolkhovityanov@INP.NSK.SU>
From: "Dmitry Yu. Bolkhovityanov" <D.Yu.Bolkhovityanov@INP.NSK.SU>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
On 26 Jul 99 at 2:38, moore@LOVECRAFT.CHEM.CMU.EDU wrote:
> Another, perhaps less intrusive/time consuming alternative is to
> change the TROFF and NROFF lines in /etc/man.conf with:
>
> TROFF /usr/bin/groff -S -Tps -mandoc
> NROFF /usr/bin/groff -S -Tascii -mandoc
>
> (that is, add the -S switch)
>
> -S Safer mode. Pass the -S option to pic and use the
> -msafer macros with troff.
>
> see also "man 7 msafer"
Unfortunately, this wouldn't affect xman, which doesn't know about
man.conf and always use hardcoded commandline:
viper:~% strings `which xman` | grep -i roff
| geqn | gtbl | groff -Tascii -mandoc
This is defined as `FORMAT' macro in xman/vendor.h (and slightly
modified with x11r6-contrib-3.1.2-mandoc.patch in RedHat rpm), and can't be
customized with environment/resources.
There are many other help/manpage browsers (helptool, gnome-help-browser
come to mind), so the right thing is to modify groff.
___________________________________________________________________
Dmitry Yu. Bolkhovityanov | Novosibirsk, RUSSIA
phone (383-2)-39-49-56 | The Budker Institute of Nuclear Physics
| Lab. 5-13
