[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[mgp-users-jp 00908] safe by default
- To: mgp-users-jp@mew.org
- Subject: [mgp-users-jp 00908] safe by default
- From: Fumitoshi UKAI <ukai@debian.or.jp>
- Date: Thu, 06 Dec 2001 02:49:17 +0900
- Delivered-to: mailing list mgp-users-jp@mew.org
- Mailing-list: contact mgp-users-jp-help@mew.org; run by ezmlm
- Organization: Debian JP Project
- User-agent: Wanderlust/2.6.0 (Twist And Shout) SEMI/1.14.3 (Ushinoya) FLIM/1.14.3 (Unebigoryōmae) APEL/10.3 Emacs/21.1 (i386-debian-linux-gnu) MULE/5.0 (SAKAKI)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=122404&repeatmerged=yes
| 'mgp' has the option '-S' that means "Be secure".
| This option is not used by default. The user has to specify '-S' to
|run it in the "safe mode".
|
| It is better that 'mgp' always run in "safe mode". The user should
|specify a option to turn off "safe mode" instead.
といわれているのですが、以下のようにしてはどうでしょうか?
# groff も defaultで -S (safe mode)で -U で unsafe modeになるように
# なっていますね。
Index: mgp.c
===================================================================
RCS file: /var/cvs/debian/mgp/mgp.c,v
retrieving revision 1.1.1.12
diff -u -u -r1.1.1.12 mgp.c
--- mgp.c 27 Sep 2001 15:04:36 -0000 1.1.1.12
+++ mgp.c 5 Dec 2001 17:43:22 -0000
@@ -214,11 +214,14 @@
#endif
progname = argv[0];
+ /* secure by default. If you need fork/exec, use -U */
+ mgp_flag |= FL_NOFORK;
+
if ((p = getenv("MGPWDIR")) != NULL) {
mgpwdir = p;
}
-#define ACCEPTOPTS "BdvVob:c:eg:f:hlGp:qt:Q:PST:D:CORw:X:x:nF:E:"
+#define ACCEPTOPTS "BdvVob:c:eg:f:hlGp:qt:Q:PSUT:D:CORw:X:x:nF:E:"
while ((opt = getopt(argc, argv, ACCEPTOPTS)) != -1) {
#undef ACCEPTOPTS
switch (opt) {
@@ -300,6 +303,9 @@
case 'S':
mgp_flag |= FL_NOFORK;
break;
+ case 'U':
+ mgp_flag &= ~FL_NOFORK;
+ break;
case 'T':
tsfile = optarg;
@@ -668,7 +674,8 @@
fprintf(stderr, "\t-O: Obey to the window manager\n");
fprintf(stderr, "\t-Q <quality>: Set background image quality(0-100)\n");
fprintf(stderr, "\t-R: Do not perform automatic reload\n");
- fprintf(stderr, "\t-S: Do not process directives that forks process\n");
+ fprintf(stderr, "\t-S: Do not process directives that forks process (default)\n");
+ fprintf(stderr, "\t-U: Do process directives that forks process (unsecure mode)\n");
fprintf(stderr, "\t-T <timestampfile>: Update timestampfile on page refresh\n");
fprintf(stderr, "\t-V: Be verbose\n");
fprintf(stderr, "\t-X <gsdevice>: ghostscript device to use\n");
Index: mgp.man
===================================================================
RCS file: /var/cvs/debian/mgp/mgp.man,v
retrieving revision 1.1.1.7.4.1
diff -u -u -r1.1.1.7.4.1 mgp.man
--- mgp.man 26 Nov 2001 16:32:21 -0000 1.1.1.7.4.1
+++ mgp.man 5 Dec 2001 17:44:30 -0000
@@ -237,7 +237,10 @@
Be secure.
Skip directives that fork/exec the child process.
It is suggested to use this option if you got some presentation file
-from others.
+from others. This is enabled by default.
+.It Fl U
+Be unsecure.
+Enable directives that fork/exec the child process.
.It Fl T Ar timestampfile
If the option is specified,
.Nm
--
鵜飼文敏