Bugtraq mailing list archives

Re: Troff dangerous.


From: shipley () DIS ORG (Pete)
Date: Sun, 25 Jul 1999 17:59:23 -0700


On Fri, Jul 23, 1999 at 10:16:42PM +0200, Pawel Wilk wrote:

If you want your system safe,
don't look as root
at manual page.

Don't look at them _at_all_ before checking them for dangerous troff-commands
I'd say. At the end of my message I have included the shell function I use to
check manual pages before installing them / viewing them.

What this also means is SGID man is probably not a good idea (a method that is
used to avoid having the preformatted manual page cache, catman, directories
world-writable).

<RANT>
    This is not a *new* security problem, this has been known for
    decades and ranks with trojans in VI and TeX and sh shell (I will
    attach a sh shell virus).

    I believe it was Spafford that published a worm or virus written in TeX
    but I can't locate it in my security archives at the moment.   I am sure
    someone on this list has a copy.

    Also in VI it is/was (depending on your system and which version of VI you
    have installed) possible to have arbitrary commands executed as the file
    was edited.

    I believe the syntax was

        #exec  <command>

    and it had to be one of the first five lines in the file

    Thus you would update your warning  to be:

        when root don't edit files, read man pages or print TeX documents
        or run commands.

    Also don't forget to have set messages to off so people can't bounce
    commands off your terminal's status line (aka: the "25th" line)

</RANT>

But as for your statement I would prefer a setuid/gid man (to a dedicated
uid and gid), thus *when* your troff is compromised, it will not have the
authority to compromise your system.

[plain/text attachment: stored]
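
A check of the kind the quoted message describes, as an added example: it is not the shell function from that message (which is not on this page) and not code by any poster in the thread. It flags the requests `sy`, `pi`, `pso`, `open` and `opena`, which are the ones groff disables in its safer mode, plus `.als`/`.rn` lines that rename them. The function names and the sample pages are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag troff/groff requests that run commands or open files.
# The request list is an assumption taken from groff's safer mode,
# not a list given in the thread.
UNSAFE='sy|pi|pso|open|opena'

# Print suspicious control lines (with line numbers) from troff source on stdin.
scan_troff() {
    # Control lines start with "." or "'"; whitespace may follow that character.
    # First alternative: the request used directly.
    # Second alternative: .als/.rn giving an unsafe request another name.
    grep -nE "^[.'][[:space:]]*(($UNSAFE)([[:space:]]|\$)|(als|rn)[[:space:]](.*[[:space:]])?($UNSAFE)([[:space:]]|\$))"
}

# Return 0 if nothing was flagged, 1 if unsafe requests were found,
# 2 if the file cannot be read.
check_manpage() {
    file=$1
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    case $file in
        *.gz) hits=$(gzip -dc -- "$file" | scan_troff || true) ;;
        *)    hits=$(scan_troff < "$file" || true) ;;
    esac
    if [ -n "$hits" ]; then
        printf '%s: unsafe troff requests:\n%s\n' "$file" "$hits" >&2
        return 1
    fi
    return 0
}

# Constructed sample pages (not real manual pages) written into directory $1.
make_samples() {
    dir=$1
    printf '.TH DEMO 1\n.SH NAME\ndemo \\- harmless page\n' > "$dir/clean.1"
    printf '.TH DEMO 1\n.  sy echo ran-a-command\n.als zz pso\n.SH NAME\n' > "$dir/bad.1"
}
```

Call `check_manpage ./page.1` before `man ./page.1`. A pattern match is a first-pass filter only: it does not follow `.so` includes into other files.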

