Bugtraq: Re: Troff dangerous.

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Troff dangerous.

From: peak () ARGO TROJA MFF CUNI CZ (Pavel Kankovsky)
Date: Sun, 25 Jul 1999 15:48:25 +0200


On Fri, 23 Jul 1999, Pawel Wilk wrote:

If you want your system safe,
don't look as root
at manual page.


The dangerous instructions (.pso, .open/.opena) are probably GNU
troff (aka groff) specific. Little (if any) functionality would be
lost if the were removed for the sake of safety.

Nevertheless, this does not imply other implementations must be
absolutely safe: for example, there are probably ways to abuse .so as
well (.so /dev/zero, .so /dev/kmem, .so some-system-fifo...).

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

By Date By Thread

Current thread:

L0pht Heavy Industries - AntiSniff, (continued)
- L0pht Heavy Industries - AntiSniff Alex Yu (Jul 23)
- Trojan Horse Guard - Cassandra GOLD Release. Jonathan James (Jul 23)
- Troff dangerous. Pawel Wilk (Jul 23)
  - New way to pay in advance for ToorCon '99 in San Diego, California Ben (Jul 24)
  - Re: Troff dangerous. CyberPsychotic (Jul 25)
  - Re: Troff dangerous. Pavel Kankovsky (Jul 25)
    - Re: Troff dangerous. Warner Losh (Jul 27)
  - Re: Troff dangerous. Julian Squires (Aug 02)
    - Re: Troff dangerous. Olaf Kirch (Jul 26)
    - IBM-ERS Security Vulnerability Alert: IBM AIX: Non-root users can cause the system to crash ibm-ers () ERS IBM COM (Jul 26)
- Redhat 6.0 cachemgr.cgi lameness daniel () NEWS GUS NET (Jul 23)