Bugtraq mailing list archives

Re: Troff dangerous.
From: sky () WIBBLE NET INVALID (Nic Bellamy)
Date: Mon, 26 Jul 1999 10:42:06 +1200

On Sun, 25 Jul 1999, John Robert LoVerso wrote:

> Thus, this affects only systems with groff installed (all Linux and FreeBSD
> systems, at least).

One Linux distribution that doesn't appear to be vulnerable is Debian
(tested on 2.1/slink) - the maintainer of the groff package has made
-S ("Safer mode") the default, which turns off potentially dangerous
commands like .opena, .pso, etc.

Hopefully this change can make it into the official GNU groff distribution
- as useful as these features may be, I doubt the majority of people use
groff for much more than formatting manpages. Safe defaults are always

I've also checked OpenBSD 2.5 and FreeBSD 3.2 - the groff on both systems
defaults to the unsafe behaviour.


P.S. My apologies for the From: address mangling - I received far too many
     vacation messages and spams last time I posted here.

-- Nic Bellamy <sky () wibble net invalid>
   J. Random Coder.
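
A pre-render check for the requests discussed in this message, as an added example that is not part of the original post or of groff: it flags troff input lines that invoke requests which safer mode (-S) disables. The names beyond .opena and .pso (open, sy, pi) come from the groff manual's description of -S; the function name and the sample page are constructed for illustration, and the check is a line-level heuristic that does not follow included files.

```python
import re

# Requests groff disables in safer mode (-S): .opena and .pso from the
# post, plus open, sy and pi as listed in the groff manual (assumption:
# list taken from the manual, not from the post).
UNSAFE = {"open", "opena", "pso", "sy", "pi"}

# Requests that defeat simple matching: cc/c2 change the control
# characters, als/rn give a request another name. Flag for manual review.
REVIEW = {"cc", "c2", "als", "rn"}

# A request line starts with a control character ('.' or "'"), optional
# blanks, then the request name. Comments (.\") do not match.
REQUEST_RE = re.compile(r"^[.'][ \t]*([A-Za-z][A-Za-z0-9]*)")


def find_unsafe_requests(text):
    """Return (line_number, kind, request, line) for each flagged line."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = REQUEST_RE.match(line)
        if not match:
            continue  # text line or comment
        name = match.group(1)
        if name in UNSAFE:
            hits.append((lineno, "unsafe", name, line.rstrip()))
        elif name in REVIEW:
            hits.append((lineno, "review", name, line.rstrip()))
    return hits


# Constructed sample input, not taken from any real manual page.
SAMPLE = r'''.TH DEMO 1 "constructed sample"
.SH NAME
demo \- constructed page for the scanner
.\" a comment mentioning .pso is not a request
The text .sy on a text line is not a request either.
.  pso echo constructed-sample
'opena log /tmp/constructed-sample
.als xx sy
.psychic not-a-real-request
'''

if __name__ == "__main__":
    for lineno, kind, name, line in find_unsafe_requests(SAMPLE):
        print(f"line {lineno}: {kind}: .{name}: {line}")
```

A clean result is not proof the input is harmless; rendering untrusted pages with -S remains the actual control.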
