>On Fri, Jul 23, 1999 at 10:16:42PM +0200, Pawel Wilk wrote:
>>
>> If you want your system safe,
>> don't look as root
>> at manual page.
>
>Don't look at them _at_all_ before checking them for dangerous troff-commands
>I'd say. In the end of my message I have included the shellfunction I use to
>check manual pages before installing them / viewing them..
>
>What this also means is SGID man is probably not a good idea (a method that is
>used to avoid having the preformatted manualpage cache, catman, directories
>worldwriteable).
<RANT>
This is not a *new* security problem, thus has been known for
decades and ranks with trojan in VI and TeX and sh shell ( I will
attach a sh shell virus
I believe it was Spafford that published a worm or virus written in TeX
but I can't locate it in my security archives at the moment. I am sure
someone on this list has a copy.
Also in VI it is/was (depending on your system and which version of VI you
have installed) possible to have arbitrary commands executed as the file
was edited.
I believe the syntax was
#exec <command>
and it had to be one of the first five lines in the file
Thus you would update your warning to be:
when root dont edit files, read man pages or print TeX documents
or run commands.
Also don't forget to have set messages to off so people can't bounce
command off your terminals status line (aka: the "25th" line)
</RANT>
But as for your statement I would prefer a setuid/gid man (to a dedicated
uid and gid) thus *when* your troff is compromised. It will not have the
authority to compromise your system.
<<< plain/text: Unrecognized >>>
