[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Groff] FW: ISS Security Advisory: GNU Groff utilities read untruste
From: |
Solar Designer |
Subject: |
Re: [Groff] FW: ISS Security Advisory: GNU Groff utilities read untrusted commands from current working directory |
Date: |
Thu, 23 Nov 2000 17:50:15 +0300 |
User-agent: |
Mutt/1.2.5i |
> Aftersome thinking I've done the following changes which is better
> IMHO than my first try:
>
> In safer mode (the default): macro files are searched in the home
> directory and the default path.
>
> In unsafe mode, the current directory is scanned additionally.
>
> troffrc and troffrc-end are neither searched in the current nor in
> the home directory.
>
> Font files are neither searched in the current nor in the home
> directory but only in the default font path.
Sounds reasonable.
> Again: Please test.
It passed my strace tests now. Thanks!
I think you should announce the next release on Bugtraq, so that
people know to upgrade.
--
/sd