
Re: [Groff] moving TOC to start


From: Tadziu Hoffmann
Subject: Re: [Groff] moving TOC to start
Date: Fri, 30 Sep 2005 12:20:40 +0200
User-agent: Mutt/1.5.6i

> BTW, I *never* have *any* user writeable directory before the
> system binary directories, in *my* PATH;  but, I guess it would
> be naive to expect everybody to follow that piece of simple
> security advice.

Obviously you're doing the Right Thing in this regard, but I
find it sometimes convenient to "replace" some system programs
with other versions or with wrappers with added functionality,
and these must come before the "normal" programs in PATH if you
don't always want to type the complete path to the executable
(or remember a new name for each).

On the other hand, such logic isn't even necessary to cause
harm.  The malicious document just needs to append stuff to your
.profile, .login, .bashrc, or .tcshrc file, which *implicitly*
gets executed by your shell.  Simple and effective.
(It's conceivable that many people just take for granted that
these files exist (they're somehow "necessary" for "the system"
to function) but never realize what significance they have.)

> Never having actually used `.sy' and friends, I simply hadn't
> considered the possible security implications it may introduce,
> when coupled with the ability to write arbitrarily named files;

Incidentally, ".sy" was quite handy in the original [nt]roff
(which didn't have ".write") for writing stuff to files, à la
".sy echo stuff >>file".  Not particularly elegant having to
fire up a shell only to write a few words to a file, but at
least it worked...
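
Added example, not part of the original message: a POSIX shell function that reports PATH entries which are searched before the first system binary directory and are either relative or writable by the current user, the condition the quoted advice warns against. The function names and the list of system directories in `is_system_dir` are assumptions; adjust the list for your system.

```shell
# Assumption: these count as the "system binary directories".
is_system_dir() {
    case $1 in
        /bin|/usr/bin|/sbin|/usr/sbin|/usr/local/bin) return 0 ;;
    esac
    return 1
}

# audit_path PATHSTRING
# Prints each entry that is searched before the first system directory and
# is relative (resolved against the current directory) or writable by the
# invoking user. Exit status is 1 if anything was reported, otherwise 0.
# The body is a subshell, so the IFS and noglob changes stay local.
# Usage: audit_path "$PATH"
audit_path() (
    risky=0
    # The appended ":" preserves a trailing empty entry, which field
    # splitting would otherwise drop; an empty entry means ".".
    p=$1:
    IFS=:
    set -f
    set -- $p
    for entry in "$@"; do
        case $entry in
            /*) ;;
            *)  printf 'relative: "%s"\n' "$entry"
                risky=1
                continue ;;
        esac
        # Entries after the first system directory cannot shadow it.
        if is_system_dir "${entry%/}"; then
            break
        fi
        if [ -d "$entry" ] && [ -w "$entry" ]; then
            printf 'writable: %s\n' "$entry"
            risky=1
        fi
    done
    exit "$risky"
)
```

When run as root every existing directory tests as writable, so the report is most meaningful for an unprivileged account.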




