groff
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Groff] moving TOC to start


From: Keith MARSHALL
Subject: Re: [Groff] moving TOC to start
Date: Thu, 29 Sep 2005 13:46:29 +0100

Egil Kvaleberg wrote, quoting me:
>> Not a big deal, I know, but `unsafe' is a rather unfortunate choice
>> of name for this `extended functionality' mode of groff's.
>
> The command allows unsafe behaviour in the same manner as, I believe,
> 'Word' macros, so the name is appropriate IMHO.

Word macros are inherently unsafe because they permit the execution of
arbitrary code, effectively with super-user privileges on account of
Windoze' weak security model, simply by opening what is ostensibly a
text document.

I find it difficult to see how allowing groff to write to named files,
in addition to stdout and stderr, represents any such sort of security
risk, especially when run on a host with a proper security model, unless
of course you are crazy enough to install groff suid root, but perhaps
you know otherwise.

Anyway, as I said, it isn't such a big deal.

Regards,
Keith.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]