Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Troff dangerous.
From: smb () RESEARCH ATT COM (Steven M. Bellovin)
Date: Mon, 26 Jul 1999 15:28:39 -0400

In message <199907251418.KAA05569 () loverso southborough ma us>, John Robert LoVe
rso writes:
This isn't a problem with "troff" or any of it's varients.  Instead,
this is an exploit purely with "groff", the GNU reimplementation.  Troff
doesn't have the file stream or ".pso" requests; those are purely part
of groff.

Thus, this affects only systems with groff installed (all Linux and FreeBSD
systems, at least).


Umm, not quite.  My 1976 (no, that's not a typo) nroff/troff manual has
.pi -- pipe output to program; .sy is also ancient, and probably there since
at least since 1977.  My 1981 addendum also lists .! as another way to do
shell escapes.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]