[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Groff] FW: ISS Security Advisory: GNU Groff utilities read untruste
|
From: |
Werner LEMBERG |
|
Subject: |
Re: [Groff] FW: ISS Security Advisory: GNU Groff utilities read untrusted com mands from current working directory |
|
Date: |
Sat, 14 Oct 2000 10:57:42 +0200 (CEST) |
> > > By default, the "troff" program reads its "troffrc"
> > > initialization file from the current working directory. From a
> > > security standpoint, it would be desirable to restrict the
> > > searchable path for this file to the invoker's home directory
> > > and/or a trusted system. Unfortunately, this could present
> > > problems for programs that depend on the current behavior.
> >
> > My suggestion is to restrict the location of troffrc and
> > troffrc-end to `~' and groff's default tmac directory
> > (e.g. /usr/local/share/groff/tmac) if the -U flag isn't given.
>
> What about the files specified from the command line (these should
> be opened relative to the current directory, or existing lesspipe.sh
> would break)?
I think such files won't cause any harm since all unsafe requests are
now disabled in a secure manner.
> What about files referenced from troffrc and possibly from other
> files?
An easy solution would be to disable the .so request for troffrc and
troffrc-end; only .mso would work. Hyphenation patterns already use
the macro path, so this wouldn't cause problems.
Werner