gbranden pushed a commit to branch master
in repository groff.

commit fdc79d03f885a56acec7ce646028cd12486a3ce8
Author: G. Branden Robinson <[email protected]>
AuthorDate: Tue Jun 23 13:13:16 2026 -0500

    groff_font(5): Add "Notes" section.
    
    ...assisting humans to not take robots too seriously.
---
 man/groff_font.5.man | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/man/groff_font.5.man b/man/groff_font.5.man
index 9d0af7ee3..f45053817 100644
--- a/man/groff_font.5.man
+++ b/man/groff_font.5.man
@@ -10,6 +10,7 @@ device and font description files
 .\" ====================================================================
 .\"
 .\" Copyright 1989-2025 Free Software Foundation, Inc.
+.\"                2026 G. Branden Robinson
 .\"
 .\" This file is part of groff, the GNU roff typesetting system.
 .\"
@@ -1114,6 +1115,60 @@ on device
 .
 .
 .\" ====================================================================
+.SH Notes
+.\" ====================================================================
+.
+Do not install an unfamiliar
+.I DESC
+device description file without reviewing it for sanity and correctness.
+.
+.I groff
+programs that interpret the
+.I DESC
+file pass the
+.I program
+argument to the directives
+.BR \%prepro ,
+.BR \%postpro ,
+.BR \%print ,
+and
+.B \%image_generator
+to
+.MR system 3 .
+.
+Automated tools or superficial analyses can produce spurious reports
+of a security vulnerability arising therefrom.
+.
+These directives do not create a command-injection vulnerability;
+any attacker who can get you to install
+a
+.I DESC
+file including a malicious shell command as
+.I program
+on the host,
+and then induce you to run
+.IR groff ,
+could just as easily have given you a malicious shell script
+and invited you to run that,
+directly or as a
+.I program
+argument.
+.
+In that situation,
+rewriting
+.I groff
+programs
+to use
+.MR fork 2
+and
+.MR execvp 3
+(or similar)
+affords no advantage,
+because a malicious shell script that requires no arguments
+compromises the host just as effectively.
+.
+.
+.\" ====================================================================
 .SH "See also"
 .\" ====================================================================
 .
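Review bot: The conclusion in the new "Notes" section that the prepro, postpro, print and image_generator directives "do not create a command-injection vulnerability" rests on a precondition the text leaves implicit, namely that every directory from which a groff program will read DESC is one the user or administrator already trusts; state that precondition outright. The sentence beginning "any attacker who can get you to install a DESC file ... on the host" is where the assumption lives: the equivalence with "a malicious shell script ... invited you to run" only holds when installing DESC is a deliberate, privileged act, so the section should say which directories are consulted for DESC (or point to wherever this page documents the device-directory search) so that a reader triaging an automated report can check the premise instead of only reading the conclusion. The wording "a security vulnerability arising therefrom" could also be tightened to "a command-injection vulnerability in these directives", which names the class of report being rebutted before the rebuttal and removes the stilted "therefrom".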

_______________________________________________
groff-commit mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/groff-commit
