Re: [Groff] Insecurity

groff

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Groff] Insecurity

From:	Werner LEMBERG
Subject:	Re: [Groff] Insecurity
Date:	Fri, 14 Apr 2000 22:56:26 +0000 (GMT)

> In a previous mail, I mentioned an article on man-insecurities in
> Linux- Magazin.  I searched www.altavista.com for the name `Pawel
> Wilk' mentioned inthe article and found mayn interesting troff
> discussions in mail archives.
> 
> Moreover, the link
> 
> http://mirror.viii-lo.krakow.pl/bugs/security/bugs/mUNIXes/groff.html
> 
> describes how to install a trojan horse together with a corrupted
> man page.  This could be easily prohibited by checksums, but for
> non-distribution files the danger remains.

With the next groff release this will be no longer possible because
the -S option of groff is now default, disabling .opena, .sy, .pso,
and friends.


    Werner

[Prev in Thread]

Current Thread

[Next in Thread]

[Groff] insecurity, Bernd Warken, 2000/04/12
- Re: [Groff] insecurity, Werner LEMBERG, 2000/04/12
- [Groff] Insecurity, Bernd Warken, 2000/04/14
  - Re: [Groff] Insecurity, Werner LEMBERG <=

Prev by Date: [Groff] Insecurity
Next by Date: Re: [Groff] long options
Previous by thread: [Groff] Insecurity
Next by thread: [Groff] long options
Index(es):
- Date
- Thread