Subject: Re: CVS commit: basesrc
To: None <tron@netbsd.org>
From: Perry E. Metzger <perry@piermont.com>
List: source-changes
Date: 07/26/1999 15:06:34
Matthias Scheler <tron@netbsd.org> writes:
> Log Message:
> Use "groff -S -Tascii" instead of "nroff" to avoid security problems
> if "man" is used by "root". Fixes PR security/8069 by Matthias Buelow.
This really didn't fix the entire problem.
In general, groff should be rigged so that "-S" is the default, and a
new option added to turn *off* that functionality. Otherwise, every
time anyone troff's a document a potential disaster might occur.
Perry