Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Troff dangerous.
From: yozo () AOHAKOBE IPC CHIBA-U AC JP (Yozo Toda)
Date: Mon, 26 Jul 1999 11:41:36 +0900

A "fix" to the problem would be to introduce a commandswitch for enabling the
dangerous troff-commands, which is what I personally am going to do anyway..

looking at groff-1.10 and groff-1.11a,
I found -msafer option to DISABLE dangerous commands...

%%%% from "nroff -man $(GROFF)/tmac/msafer.n" %%%%

MSAFER(7)         Device and Network Interfaces         MSAFER(7)

     msafer - groff -msafer macros

     groff -msafer [ options...  ] [ files...  ]

     The -msafer macros remove the open, opena, pso,  sy  and  pi
     requests.  These macros should be used when processing input
     from an untrustworthy  source.   For  maximum  safety,  they
     should be the first -m option on the command-line.  Normally
     they are invoked using the -S option of  groff,  which  will
     also pass gpic the -S flag.


     groff(1), gtroff(1), gpic(1)

Groff Version 1.11  Last change: 26 June 1995                   1

%%%% %%%%

-- yozo.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]