Re: Groff/troff security exposure
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 5 Oct 2000, Alan KF LAU wrote:
> Just a question. I've tried it on my own server which is Debian 2.2.17 woody(unstable) version. I got the following message when trying 2:
> ./troffrc:1: can't open `/etc/passwd' for appending: Permission denied
> ./troffrc:2: no stream named 'passwds'
> ./troffrc:3: no stream named 'passwds'
> Is this bug already fixed in Debian 2.2 Woody(unstable)?
Javier's email does specify that you need to be logged in as root. I
assume you were not.
There have been similar attacks to this in other packages for quite some
time. I believe it would be reasonable for man to run setuid man, would
it not? In fact, considering that there's a man user in /etc/passwd by
default in Debian, why isn't it?
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
-----END PGP SIGNATURE-----