
Re: [Groff] insecurity


From: Werner LEMBERG
Subject: Re: [Groff] insecurity
Date: Wed, 12 Apr 2000 23:11:01 +0000 (GMT)

> In Linux-Magazin 06/2000, there is an alarming article in the
> "Insecurity News" section called "man-Overflow", written by Mark
> Vogelsberger.

You probably mean 05/2000... I'll check the article.

> It lists a perl script to find buffer overflows and an exploit for
> them.  Moreover, it says that Pawel Wilk has shown that it's
> possible to write man-pages that can run arbitrary code under the
> actual uid, even root.

It would be nice to know which version of groff he has tested.

> The problems are said to arise from the many system() calls using
> user-defined values that are easy to manipulate.

Where are `the many system() calls'?  By default, -msafer is used now
which deactivates .sy and friends...

> If necessary it should be possible to get both by mailing to
> <address@hidden>.

Will you please do that?  Maybe the author can contact the groff list
also...


    Werner

