Re: [Groff] Re: Bug#107459: pic can be forced to run commands in safe mo

groff

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Groff] Re: Bug#107459: pic can be forced to run commands in safe mo

From:	Werner LEMBERG
Subject:	Re: [Groff] Re: Bug#107459: pic can be forced to run commands in safe mode
Date:	Sat, 04 Aug 2001 09:29:11 +0200 (CEST)

> > pic can be forced to execute commands (sh X..X) when running in safe
> > mode (-S). It can be exploited trough lpd when groff/pic is run in
> > print filters, and arbitrary commands with id of lpd can be run.
> 
> Are you aware of this problem?

Yes.  The very reason that it hasn't been fixed yet is that I need a
free implementation of snprintf() -- additionally I was on vacation.
Should be fixed in the next few weeks.


    Werner

[Prev in Thread]

Current Thread

[Next in Thread]

[Groff] Re: Bug#107459: pic can be forced to run commands in safe mode, Colin Watson, 2001/08/02
- [Groff] Re: Bug#107459: pic can be forced to run commands in safe mode, Colin Watson, 2001/08/03
- Re: [Groff] Re: Bug#107459: pic can be forced to run commands in safe mode, Werner LEMBERG <=

Prev by Date: Re: [Groff] PfaEdit: better TTF -> Type1 conversion than ttf2pt1?
Next by Date: [Groff] Re: [OT] Printing from groff in cygwin
Previous by thread: [Groff] Re: Bug#107459: pic can be forced to run commands in safe mode
Next by thread: [Groff] Groff 1.17.2 and "Remote Linux Groff Exploitation via lpd"
Index(es):
- Date
- Thread