mailing list archives
Re: Troff dangerous.
From: thorpej () NAS NASA GOV (Jason Thorpe)
Date: Sun, 25 Jul 1999 13:27:44 -0700
On Sun, 25 Jul 1999 17:29:56 +0600
CyberPsychotic <mlists () GIZMO KYRNET KG> wrote:
~ If you want your system safe,
~ don't look as root
~ at manual page.
with accurately set permissions for man page directories, non-privileged
users shouldn't be able to add manual pages to the system (if they are
able to, system is whacked anyway), so I take this threat merely as
another trojan possibility - quite uncommon one indeed.
The trick is that it can get you if you as a system administrator download
some open source program from the Internet, and build and install that
program; such activity often happens as "root", so a couple of scenarios
(1) Root installs the malicious roff source unknowingly.
(2) During the process of building/installing the program, groff
is invoked as root to create a pre-formatted version of
the manual page (a "cat page"), at which point the trojan
horse does it dirty work.
-- Jason R. Thorpe <thorpej () nas nasa gov>