Re: raw ansi-escape-codes in viewer?

From: Pavel Roskin <proski gnu org>
To: Werner LEMBERG <wl gnu org>
Cc: dooligan intergate ca, <mc gnome org>
Subject: Re: raw ansi-escape-codes in viewer?
Date: Mon, 28 Oct 2002 11:36:16 -0500 (EST)

Hello!

recent groff versions emit SGR escapes (aka ANSI color escapes)
for color support...


Just because it would be a simple solution for this problem, it
would not be a good solution.  Would not it be possible to fool
users by making fake password prompts in ANSI codes?


???  Can you tell me why groff should handle passwords?  We are
talking about displaying documents in the viewer, aren't we?  If mc
has to display a password, simply don't use color escapes.


I meant that adding ANSI support to the viewer would make it possible to
create documents (manually, not by groff) that would look like elements of
the user interface.  Maybe the passwords cannot be captured, but there are
still some possibilities for social engineering.  Show a window that asks
to send /etc/passwd to somebody, and even if just 0.1% of users do it, it
would be very bad.

There are three possibilities to reactivate the old behaviour:

   1) Setting an environment variable GROFF_NO_SGR.
   2) Passing the -c option to grotty (i.e. adding `-P-c' to groff).
   3) Add the special \X'tty:sgr 1' to the document.


Thank you!

I recommend 2).


I agree.  In groff-1.18-6 (Red Hat 8.0) this option cannot be passed to
nroff, so we'll have to test for groff first, and then for "-P-c" support.

-- 
Regards,
Pavel Roskin

References:
- Re: raw ansi-escape-codes in viewer?
  - From: Werner LEMBERG

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]