Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Troff dangerous.
From: okir () MONAD SWB DE (Olaf Kirch)
Date: Mon, 26 Jul 1999 12:36:22 +0200

On Sun, Jul 25, 1999 at 01:13:11AM -0218, Julian Squires wrote:
Redhat 5.2 is vulnerable. Both Debian slink and potato are not. Both
use groff 1.11a, but Debian's is patched. It appears that stock groff
1.11a is vulnerable, probably any older groff, as well.

I forgot this in my previous message to bugtraq, but there's of course
a way to disable these macros, which is by adding -msafer to the groff
command line (e.g. in /etc/man.conf or wherever your man config lives).

The tmac.safer package simply removes the offending commands and replaces
them with something that prints a warning. For those who can read troff:

.rm open opena pso sy pi
.de unsafe
.tm \\n(.F:\\n(.c: unsafe to execute request `\\$1'
.als open unsafe
.als opena unsafe
.als pso unsafe
.als sy unsafe
.als pi unsafe


Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir () monad swb de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir () caldera de    +-------------------- Why Not?! -----------------------
         UNIX, n.: Spanish manufacturer of fire extinguishers.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]