Re: [Groff] FW: ISS Security Advisory: GNU Groff utilities read untruste


From: Werner LEMBERG
Subject: Re: [Groff] FW: ISS Security Advisory: GNU Groff utilities read untrusted commands from current working directory
Date: Wed, 22 Nov 2000 23:06:36 +0100 (CET)

> In this case, "-mandoc" is passed from lesspipe.sh; I've changed my
> version to do a "cd /" before running groff, but many distributions
> include the dangerous versions.  Maybe we could restrict -m as well?

Yes, see below.

> --- groff-1.16.1/src/preproc/eqn/main.cc.orig Tue Nov 21 15:46:09 2000
> +++ groff-1.16.1/src/preproc/eqn/main.cc      Tue Nov 21 15:46:26 2000
> @@ -329,7 +329,7 @@
>        device, program_name);
>    if (load_startup_file) {
>      char *path;
> -    FILE *fp = macro_path.open_file(STARTUP_FILE, &path);
> +    FILE *fp = safer_macro_path.open_file(STARTUP_FILE, &path);
>      if (fp) {
>        do_file(fp, path);
>        fclose(fp);
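
Review bot: on the changed open_file line, the STARTUP_FILE lookup moves to safer_macro_path unconditionally, and nothing in this hunk shows directories given with -M being added to that path object. If -M still appends only to macro_path, a startup file in a directory the user named explicitly would no longer be found, and because of the "if (fp)" guard the miss is silent. Check that -M feeds the same path object used here, and note the changed search locations for the startup file in the eqn documentation.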

This is an error -- I've changed the path for the -M option instead of
this.  Thanks for noticing it.

> [... suggested fixes ...]

After some thinking I've made the following changes, which are better
IMHO than my first try:

  In safer mode (the default): macro files are searched in the home
  directory and the default path.

  In unsafe mode, the current directory is scanned additionally.

  troffrc and troffrc-end are neither searched in the current nor in
  the home directory.

  Font files are neither searched in the current nor in the home
  directory but only in the default font path.

There are a lot of possibilities to override that.

Again: Please test.


    Werner
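
The search policy listed in the message above, modelled as an added example (not groff's code and not written by the message's author). It shows which copy of a file wins when the current directory holds untrusted copies. The directory names, the file names other than troffrc, the in-memory file set, and the order within each search list are assumptions.

```cpp
#include <iostream>
#include <set>
#include <string>
#include <vector>

enum class Kind { Macro, Startup, Font };  // the three file kinds in the message

// Constructed placeholder directories, not groff's real installation paths.
const std::string CWD = "/tmp/untrusted";
const std::string HOME = "/home/alice";
const std::string TMAC = "/usr/share/groff/tmac";
const std::string FONT = "/usr/share/groff/font";

// Ordered search list per the message: startup and font files use only the
// default path; macros add home, plus cwd in unsafe mode (order is assumed).
std::vector<std::string> search_dirs(Kind kind, bool unsafe) {
    if (kind == Kind::Font) return {FONT};
    if (kind == Kind::Startup) return {TMAC};
    std::vector<std::string> dirs;
    if (unsafe) dirs.push_back(CWD);
    dirs.push_back(HOME);
    dirs.push_back(TMAC);
    return dirs;
}

// First existing candidate wins; `fs` stands in for the disk. "" means not found.
std::string resolve(const std::string &name, Kind kind, bool unsafe,
                    const std::set<std::string> &fs) {
    for (const auto &dir : search_dirs(kind, unsafe)) {
        std::string candidate = dir + "/" + name;
        if (fs.count(candidate)) return candidate;
    }
    return "";
}

// Constructed file set: untrusted copies in cwd next to the installed files.
const std::set<std::string> SAMPLE_FS = {
    CWD + "/tmac.andoc", CWD + "/troffrc", CWD + "/devps/DESC",
    HOME + "/troffrc",
    TMAC + "/tmac.andoc", TMAC + "/troffrc", FONT + "/devps/DESC",
};

int main() {
    for (bool unsafe : {false, true})
        std::cout << (unsafe ? "unsafe" : "safer")
                  << ": macro=" << resolve("tmac.andoc", Kind::Macro, unsafe, SAMPLE_FS)
                  << " startup=" << resolve("troffrc", Kind::Startup, unsafe, SAMPLE_FS)
                  << " font=" << resolve("devps/DESC", Kind::Font, unsafe, SAMPLE_FS) << "\n";
}
```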