[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Groff] Re: FW: Re: soelim enhancement
|
From: |
Werner LEMBERG |
|
Subject: |
[Groff] Re: FW: Re: soelim enhancement |
|
Date: |
Mon, 26 Jul 1999 14:58:01 GMT |
1. I am forwarding the latest from Bill Morgan on his suggested
change to soelim, for your information. It doesn't call for any
action as yet.
I've moved this to the groff list -- BTW, should I make the list
public together with the announcement of the CVS repository of groff?
The list address will be address@hidden
2. I take it you have noticed the recent correspondence on "troff
dangerous". What do you think? I am inclined to the view that ANY
program which can invoke others is open to this kind of expoit by
root -- all it needs is for a fake Trojan to replace the called
program. I don't see either that groff is special in this resepct,
nor that there is any sensible action one can take to avoid it
short of disabling ".pso" altogether. Admittedly burying the
Trojan call in the troff source of a man page is a bit unexpected,
but then what isn't, in that game? I'm inclined to let the
correspondence run (if it will) and see what people say.
IIRC, my SuSE groff package had a fix for that. I'll look again.
Werner
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Groff] Re: FW: Re: soelim enhancement,
Werner LEMBERG <=