[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Groff] insecurity
From: |
Werner LEMBERG |
Subject: |
Re: [Groff] insecurity |
Date: |
Wed, 12 Apr 2000 23:11:01 +0000 (GMT) |
> In Linux-Magazin 06/2000, there is an alarming article in the
> "Insecurity News" section called "man-Overflow", written by Mark
> Vogelsberger.
You probably mean 05/2000... I'll check the article.
> It lists a perl script to find buffer overflows and an exploit for
> them. Moreover, it says that Pawel Wilk has shown that it's
> possible to write man-pages that can run arbitrary code under the
> actual uid, even root.
It would be nice to know which version of groff he has tested.
> The problems are said to arise from the many system() calls using
> user-defined values that are easy to be manipulated.
Where are `the many system() calls'? By default, -msafer is used now
which deactivates .sy and friends...
> If necessary it should be possible to get both by mailing to
> <address@hidden>.
Will you please do that? Maybe the author can contact the groff list
also...
Werner