> Date: Sun, 25 Jul 1999 10:18:20 -0400
> From: John Robert LoVerso <johnat_private>
>
> This isn't a problem with "troff" or any of its variants. Instead,
> this is an exploit purely with "groff", the GNU reimplementation. Troff
> doesn't have the file stream or ".pso" requests; those are purely part
> of groff.
>
> Thus, this affects only systems with groff installed (all Linux and FreeBSD
> systems, at least).
>
> John
>

The original nroff had a ".pi" command (which only worked for nroff, not troff). It pipes the output of the nroff command to a particular program, although no command line arguments could be supplied. (This is according to the "Nroff/Troff User's Manual", section 19: "Input/Output File Switching".)

I agree it's a concern, although having the man pages writable in the first place is something of a risk if you ask me... I would think that the principle of least privilege would apply.

...Ronny

--
Ronald Cook, Technical Manager - Message Handling Systems/The Message eXchange
Email: ronnyat_private ----- Phone: +61-2-9550-4448 ---- Fax: +61-2-9519-2551
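An added example, not part of either message: a Python audit of a man page tree for the two concerns raised in this thread, roff requests that run commands (`.pso`, `.pi`) and page sources writable by group or other. The `.sy`, `.open` and `.opena` entries are groff requests added to the list here as an assumption about what is worth flagging, and the sample tree and all function names are constructed for illustration.

```python
import gzip
import os
import re
import stat
import tempfile

# .pso and .pi are named in the thread; .sy, .open, .opena are groff requests added here.
RISKY = re.compile(rb"^[.'][ \t]*(pso|pi|sy|opena|open)(?=[ \t]|$)")

def read_lines(path):
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rb") as fh:
        return fh.read().splitlines()

def audit_file(path):
    """Return (line_number, finding) pairs; line 0 is a permission finding."""
    findings = []
    if os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append((0, "writable by group or other"))
    for number, line in enumerate(read_lines(path), 1):
        match = RISKY.match(line)
        if match:
            findings.append((number, "request ." + match.group(1).decode()))
    return findings

def audit_tree(root):
    report = {}
    for directory, _, names in os.walk(root):
        for name in names:
            path = os.path.join(directory, name)
            if findings := audit_file(path):
                report[path] = findings
    return report

def build_sample(root):
    """Constructed sample tree: one clean page, two pages with findings."""
    pages = {"clean.1": (b".TH CLEAN 1\n.SH NAME\nclean \\- mentions .pso in text\n", 0o644),
             "demo.1": (b".TH DEMO 1\n.SH NAME\ndemo \\- sample\n.pso echo constructed\n", 0o664),
             "old.1.gz": (b".TH OLD 1\n'  pi cat\n", 0o644)}
    os.makedirs(os.path.join(root, "man1"))
    for name, (body, mode) in pages.items():
        path = os.path.join(root, "man1", name)
        with (gzip.open if name.endswith(".gz") else open)(path, "wb") as fh:
            fh.write(body)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        print(audit_tree(root))
```

A page that redefines the control character with `.cc` would not be matched by this pattern.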
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:53:32 PDT