On Sun, 25 Jul 1999 17:29:56 +0600
CyberPsychotic <mlists_at_GIZMO.KYRNET.KG> wrote:
> ~ If you want your system safe,
> ~ don't look as root
> ~ at manual page.
> ~
>
> with accurately set permissions for man page directories, non-privileged
> users shouldn't be able to add manual pages to the system (if they are
> able to, system is whacked anyway), so I take this threat merely as
> another trojan possibility - quite uncommon one indeed.
The trick is that it can get you if you as a system administrator download
some open source program from the Internet, and build and install that
program; such activity often happens as "root", so a couple of scenarios
are possible:
(1) Root installs the malicious roff source unknowingly.
(2) During the process of building/installing the program, groff
is invoked as root to create a pre-formatted version of
the manual page (a "cat page"), at which point the trojan
horse does it dirty work.
-- Jason R. Thorpe <thorpej_at_nas.nasa.gov>
Received on Jul 26 1999
Intro
