Re: [Groff] moving TOC to start

From: Keith MARSHALL
Subject: Re: [Groff] moving TOC to start
Date: Fri, 30 Sep 2005 09:29:21 +0100

Tadziu Hoffman wrote:
> Assume that you (an unsuspecting groff user) want to format a
> document downloaded from the internet for printing, but the
> roff-file has unfortunately been modified by some malicious
> prankster to write a shell script called "ls" to your personal
> "bin" directory (which is included in your PATH *before* /bin)
> and the next time you execute ls... well, you get the idea.
> (I'm ignoring things like the permission bits here, but you can
> instead append to a file that already has execute permission.)
>
> Furthermore, "-U" does not only allow "extended functionality",
> but omitting "-U" also gives you "reduced functionality" by
> disabling the ".sy" request that allows executing arbitrary
> programs in your name.

Thanks for this explanation, (and also thanks to Mike Bianchi
for a similar one). Of course, I get the point now.

Never having actually used `.sy' and friends, I simply hadn't
considered the possible security implications it may introduce,
when coupled with the ability to write arbitrarily named files;
(makes note: put brain in gear before rushing to type).

BTW, I *never* have *any* user writeable directory before the
system binary directories, in *my* PATH; but, I guess it would
be naive to expect everybody to follow that piece of simple
security advice.

Regards,
Keith.
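
The PATH advice in the message above can be checked mechanically. The following is an added example, not part of the original message or thread: a POSIX shell function that lists PATH entries the current user can write to and that are searched before a system binary directory. The function names and the choice of /bin, /usr/bin, /sbin and /usr/sbin as the system directories are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumption: these four are the "system binary directories".
SYSTEM_DIRS="/bin /usr/bin /sbin /usr/sbin"

is_system_dir() {
    for s in $SYSTEM_DIRS; do
        if [ "$1" = "$s" ]; then return 0; fi
    done
    return 1
}

# audit_path PATHSTRING
# Prints every entry the current user can write to that is searched before
# a system binary directory. Returns 1 if any was printed, 0 otherwise.
# The body runs in a subshell so the IFS and globbing changes stay local.
audit_path() (
    nl='
'
    pending=""          # writable entries seen since the last system directory
    rc=0
    path_value="$1:"    # trailing ':' keeps a final empty entry when split
    set -f              # no globbing while the string is split on ':'
    IFS=:
    set -- $path_value
    unset IFS           # back to default field splitting
    set +f
    for dir in "$@"; do
        [ -n "$dir" ] || dir=.      # an empty entry means the current directory
        case $dir in ?*/) dir=${dir%/} ;; esac
        if is_system_dir "$dir"; then
            # Everything pending is searched before this system directory.
            if [ -n "$pending" ]; then
                printf '%s' "$pending"
                rc=1
                pending=""
            fi
        elif [ -d "$dir" ] && [ -w "$dir" ]; then
            pending="$pending$dir$nl"
        fi
    done
    return $rc
)

# Check the PATH of the current shell.
audit_path "$PATH" || echo "writable directories precede system directories" >&2
```

Writable entries that come after every system directory are not reported, since they cannot shadow a system command such as ls.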