[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Groff] FW: ISS Security Advisory: GNU Groff utilities read untruste
From: |
Werner LEMBERG |
Subject: |
Re: [Groff] FW: ISS Security Advisory: GNU Groff utilities read untrusted commands from current working directory |
Date: |
Sat, 14 Oct 2000 12:58:45 +0200 (CEST) |
> > GNU Groff utilities read untrusted commands from current working
> > directory
>
> It really is non-obvious how this should be fixed. The trivial fix
> would be to remove the dots from fontpath and tmacpath, but I expect
> this to break things. I've considered restricting this change to
> the safer mode, but (1) there're cases where the safer mode is
> useful and the input file is in the current directory (well, they
> could use the full path) and (2) safer_flag isn't properly
> initialized by the time search_path constructors are called (don't
> want to be changing too much of the code in a security patch). So
> this doesn't seem like a good idea.
But this is the way to go IMHO. As mentioned in a previous mail,
restricting the font and tmac patch to `~' and the default path in
safer mode can easily be implemented. Additionally, I will add a
warning message if GROFF_{TMAC,FONT}_PATH is set that these two
environment variables are ignored in safer mode.
> The macro files themselves reference other files:
>
> .\" Load hyphenation patterns from `hyphen.us' (in the tmac directory).
> .do hpf hyphen.us
.hpf uses the same search patch as the .mso request.
> There appears to be no way to specify that a file should be loaded
> from "the tmac directory".
There is: .mso
Werner