[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Groff] FW: ISS Security Advisory: GNU Groff utilities read untruste
|
From: |
Solar Designer |
|
Subject: |
Re: [Groff] FW: ISS Security Advisory: GNU Groff utilities read untrusted com mands from current working directory |
|
Date: |
Sat, 14 Oct 2000 03:21:13 +0400 (MSD) |
> > By default, the "troff" program reads its "troffrc" initialization
> > file from the current working directory. From a security
> > standpoint, it would be desirable to restrict the searchable path
> > for this file to the invoker's home directory and/or a trusted
> > system. Unfortunately, this could present problems for programs
> > that depend on the current behavior.
>
> My suggestion is to restrict the location of troffrc and troffrc-end
> to `~' and groff's default tmac directory
> (e.g. /usr/local/share/groff/tmac) if the -U flag isn't given.
What about the files specified from the command line (these should be
opened relative to the current directory, or existing lesspipe.sh
would break)? What about files referenced from troffrc and possibly
from other files?
I think it is safe to allow relative paths on the command line, but
everything referenced from troffrc should be restricted.
> Additionally, I'll implement tmac.safer internally, i.e., without the
> -U flag these requests will produce error messages. tmac.safer will
> then no longer exist.
This is a good idea.
Signed,
Solar Designer