[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Groff] GNU troff in OpenBSD
From: |
Ingo Schwarze |
Subject: |
Re: [Groff] GNU troff in OpenBSD |
Date: |
Sun, 16 Oct 2011 19:56:25 +0200 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
Hi Ralph,
Ralph Corderoy wrote on Sun, Oct 16, 2011 at 06:00:20PM +0100:
> Ingo Schwarze wrote:
>> -. pso bash -c "echo -n .ds *date\ ;date"
>> +. pso /bin/sh -c "echo -n .ds *date\ ;date"
> That smells odd;
Yes, please do say that aloud. :-/
This part of the hdtbl example code looks horribly unsafe;
shelling out of roff code is already questionable practice:
Some people read manuals as root and probably don't expect
malicious manuals to run arbitrary code (for that reason,
we decided that we will never support .pso in mandoc(1)
at all). And then it's using a non-portable shell and
questionable quoting on top of that.
> what if I've a file called ./mandate? Do the globs
> need escaping? I realise you haven't introduced them
Yes, and exactly those potential security issues were the
reason why i disabled those examples completely when porting
groff to OpenBSD, rather than even trying to fix the shell
GNUism.
I'd consider it quite useful if somebody who is actually
using hdtbl - i'm not using that macro package - would do
an audit and improve the code quality.
But that's beyond the scope of my patch.
> but I've only noticed them in browsing your patch. :-)
> Also, would plain `sh' suffice, relying on PATH?
Yes, it would suffice. Then again, all systems i ever heard of
agree on putting the standard shell in /bin, so i doubt that's
less portable, and arguably, it's marginally safer because
people might have unsafe PATHs and random crap lying around.
I don't have '.' in my PATH even when working as non-root,
but some systems do such things by default.
I have often seen portable scripts start with "#! /bin/sh".
Even GNU autoconf generates ./configure like that.
Yet i don't feel strongly about that detail.
Yours,
Ingo