Bugtraq mailing list archives
Re: Troff dangerous.
From: sky () WIBBLE NET.INVALID (Nic Bellamy)
Date: Mon, 26 Jul 1999 10:42:06 +1200
On Sun, 25 Jul 1999, John Robert LoVerso wrote:
> Thus, this affects only systems with groff installed (all Linux and FreeBSD systems, at least).
One Linux distribution that doesn't appear to be vulnerable is Debian (tested on 2.1/slink) - the maintainer of the groff package has made the -S ("Safer mode") the default, which turns off potentially dangerous commands like .opena, .pso, etc.

Hopefully this change can make it into the official GNU groff distribution - as useful as these features may be, I doubt the majority of people use groff for much more than formatting manpages. Safe defaults are always good.

I've also checked OpenBSD 2.5 and FreeBSD 3.2 - the groff on both systems defaults to the unsafe behaviour.

Regards,
Nic.

P.S. My apologies for the From: address mangling - I received far too many vacation messages and spams last time I posted here.

--
Nic Bellamy <sky () wibble net.invalid>
J. Random Coder.
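Added example, not part of the original post: a small Python audit that flags troff source lines using the requests groff's safer mode (-S) disables, for reviewing manual pages on a system whose groff defaults to unsafe behaviour. The post names only .opena and .pso; the full request set (open, opena, pso, sy, pi) is taken from the groff documentation, and the function name and sample page are constructed for illustration. It matches literal request lines only, so it complements running groff with -S rather than replacing it.

```python
import re

# Requests that groff's safer mode (-S) disables, per the groff documentation.
# The post names .opena and .pso; the rest of the set is added here.
UNSAFE_REQUESTS = {"open", "opena", "pso", "sy", "pi"}

# A request line starts with a control character ('.' or "'"), optional
# blanks, then the request name. Assumes the default control characters
# (a document can change them with .cc / .c2, which this does not track).
REQUEST_RE = re.compile(r"^[.'][ \t]*([A-Za-z][A-Za-z0-9]*)")

def find_unsafe_requests(text):
    """Return (line_number, request, line) for each unsafe request line."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = REQUEST_RE.match(line)
        if not m:
            continue  # text line, or a comment such as .\"
        name = m.group(1)
        if name == "do":  # .do runs the request that follows it
            rest = line[m.end():].split()
            name = rest[0] if rest else name
        if name in UNSAFE_REQUESTS:
            hits.append((lineno, name, line))
    return hits

# Constructed sample input, not taken from any real manual page.
SAMPLE = """\
.TH EXAMPLE 1
.SH NAME
example \\- constructed page
.\\" .pso in a comment is not a request
.pso date
'  opena log example.out
.do sy true
The words open and sy in running text are ignored.
"""

if __name__ == "__main__":
    for lineno, name, line in find_unsafe_requests(SAMPLE):
        print(f"line {lineno}: .{name}: {line}")
```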