Bugtraq mailing list archives
Re: Troff dangerous.
From: shipley () DIS ORG (Pete)
Date: Sun, 25 Jul 1999 17:59:23 -0700
On Fri, Jul 23, 1999 at 10:16:42PM +0200, Pawel Wilk wrote:If you want your system safe, don't look as root at manual page.Don't look at them _at_all_ before checking them for dangerous troff-commands I'd say. In the end of my message I have included the shellfunction I use to check manual pages before installing them / viewing them.. What this also means is SGID man is probably not a good idea (a method that is used to avoid having the preformatted manualpage cache, catman, directories worldwriteable).
<RANT> This is not a *new* security problem, thus has been known for decades and ranks with trojan in VI and TeX and sh shell ( I will attach a sh shell virus I believe it was Spafford that published a worm or virus written in TeX but I can't locate it in my security archives at the moment. I am sure someone on this list has a copy. Also in VI it is/was (depending on your system and which version of VI you have installed) possible to have arbitrary commands executed as the file was edited. I believe the syntax was #exec <command> and it had to be one of the first five lines in the file Thus you would update your warning to be: when root dont edit files, read man pages or print TeX documents or run commands. Also don't forget to have set messages to off so people can't bounce command off your terminals status line (aka: the "25th" line) </RANT> But as for your statement I would prefer a setuid/gid man (to a dedicated uid and gid) thus *when* your troff is compromised. It will not have the authority to compromise your system. <!-- attachment="bin0a08999" --> <HR> <UL> <LI>plain/text attachment: stored </UL>
Current thread:
- Re: Troff dangerous. John Robert LoVerso (Jul 25)
- Re: Troff dangerous. Nic Bellamy (Jul 25)
- Re: Troff dangerous. Aaron Campbell (Jul 26)
- Re: Troff dangerous. Olaf Kirch (Jul 26)
- <Possible follow-ups>
- Re: Troff dangerous. Joel Eriksson (Jul 25)
- Re: Troff dangerous. Pete (Jul 25)
- Re: Troff dangerous. Robert Watson (Jul 27)
- Re: Troff dangerous. Yozo Toda (Jul 25)
- Re: Troff dangerous. Eric Moore (Jul 25)
- Re: Troff dangerous. Ville Nummela (Jul 27)
- Re: Troff dangerous. Pete (Jul 25)
- Re: Troff dangerous. Jason Thorpe (Jul 25)
- Retrieving RDS Data... Wanderley J. Abreu Jr (Jul 26)
- Re: Troff dangerous. Bob Beck (Jul 26)
- Re: Troff dangerous. Ronny Cook (Jul 25)
- Re: Troff dangerous. Steven M. Bellovin (Jul 26)
- Re: Troff dangerous. Groovy Pants Gus (Jul 26)
- Re: Troff dangerous. Nic Bellamy (Jul 25)