Follow-up Comment #7, bug #64612 (project groff):

[comment #5 comment #5:]
> > If the download file containing the path to the postscript
> > font is only writeable by root I think we can trust the path.
>
> That seems unnecessarily restrictive to me. A user might have
> a "local" font directory under their $HOME.

But a user maintaining a personal "download" file has to trust the entries they're putting into that file. If they don't vet their fonts, and something nefarious slips in, no amount of groff restricting pathnames will block that malicious code. So as long as a user trusts root and herself, it seems that pathnames in "download" files are safe. (This is a separate situation from ones within a document--but even there, enabling directory traversal with "-U" would seem to be within that switch's mission.)

_______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?64612>

_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/