For security reasons, don't use the current directory but the home

directory while searching and scanning troffrc and troffrc-end.
Similarly, replace the current directory with the home directory
in the font path.

* Makefile.in (fontpath, tmacpath): Remove current directory.

* src/libs/libgroff/searchpath.cc (search_path::search_path): Add
two parameters `add_home' and `add_current'.
(search_path::~search_path, search_path::command_line_dir,
search_path::open_file): Remove tests for `dirs' being zero.
* src/include/searchpath.h: Adjust.
* src/libs/libgroff/macropath.cc, src/include/macropath.h: Add
`safer_macro_path'.
* src/libs/libgroff/fontfile.cc: Adjust `font_path'.

* src/roff/troff/troff.h: Add `searchpath.h' and `mac_path'.
* src/roff/troff/input.cc: Use `mac_path', initialized with
`macro_path'.
(process_startup_file): Set `mac_path' to `safer_macro_path'.
* src/roff/troff/env.cc: Use `mac_path'.

* src/preproc/eqn/main.cc (main): Use `safer_macro_path'.

* NEWS, man/roff.man, src/roff/troff/troff.man,
src/rof/groff/groff.man, tmac/groff_tmac.man, arch/djgpp/README:
Updated.


* src/include/lib.h: Don't include groff-getopt.h for OSF/1.

* aclocal.m4 (GROFF_SYS_ERRLIST): Do test in C, not in C++.
* configure.in: Fix typo in comment.
* configure: Regenerated.

* src/libgroff/*, src/include/*, src/roff/troff/*: Fixing copyright
dates.

13 files changed, 63 insertions, 38 deletions

diff --git a/src/roff/groff/groff.man b/src/roff/groff/groff.man
index 16bc7ef4..8fa2377a 100644
--- a/src/roff/groff/groff.man
+++ b/src/roff/groff/groff.man
@@ -347,6 +347,9 @@ and
 .B GROFF_TMAC_PATH
 A colon separated list of directories in which to search for
 macro files in addition to the default directories.
+See
+.BR troff (1)
+for more details.
 .TP
 .SM
 .B GROFF_TYPESETTER
@@ -357,6 +360,9 @@ Default device.
 A colon separated list of directories in which to search for the
 .BI dev name
 directory in addition to the default one.
+See
+.BR troff (1)
+for more details.
 .TP
 .SM
 .B GROFF_BIN_PATH
diff --git a/src/roff/troff/column.cc b/src/roff/troff/column.cc
index 096f3811..8d6a6ebe 100644
--- a/src/roff/troff/column.cc
+++ b/src/roff/troff/column.cc
@@ -1,5 +1,5 @@
 // -*- C++ -*-
-/* Copyright (C) 1989, 1990, 1991, 1992 Free Software Foundation, Inc.
+/* Copyright (C) 1989, 1990, 1991, 1992, 2000 Free Software Foundation, Inc.
      Written by James Clark (jjc@jclark.com)
 
 This file is part of groff.
diff --git a/src/roff/troff/div.cc b/src/roff/troff/div.cc
index 8566cd0f..01ee2c61 100644
--- a/src/roff/troff/div.cc
+++ b/src/roff/troff/div.cc
@@ -1,5 +1,5 @@
 // -*- C++ -*-
-/* Copyright (C) 1989, 1990, 1991, 1992 Free Software Foundation, Inc.
+/* Copyright (C) 1989, 1990, 1991, 1992, 2000 Free Software Foundation, Inc.
      Written by James Clark (jjc@jclark.com)
 
 This file is part of groff.
diff --git a/src/roff/troff/env.cc b/src/roff/troff/env.cc
index cd5c45c9..378cfffd 100644
--- a/src/roff/troff/env.cc
+++ b/src/roff/troff/env.cc
@@ -1,5 +1,5 @@
 // -*- C++ -*-
-/* Copyright (C) 1989, 1990, 1991, 1992 Free Software Foundation, Inc.
+/* Copyright (C) 1989, 1990, 1991, 1992, 2000 Free Software Foundation, Inc.
      Written by James Clark (jjc@jclark.com)
 
 This file is part of groff.
@@ -29,7 +29,6 @@ Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
 #include "div.h"
 #include "reg.h"
 #include "charinfo.h"
-#include "searchpath.h"
 #include "macropath.h"
 #include <math.h>
 
@@ -3114,7 +3113,7 @@ void hyphen_trie::read_patterns_file(const char *name)
   int num[WORD_MAX+1];
   errno = 0;
   char *path = 0;
-  FILE *fp = macro_path.open_file(name, &path);
+  FILE *fp = mac_path->open_file(name, &path);
   if (fp == 0) {
     error("can't find hyphenation patterns file `%1'", name);
     return;
diff --git a/src/roff/troff/env.h b/src/roff/troff/env.h
index d2a1fb34..6792ea63 100644
--- a/src/roff/troff/env.h
+++ b/src/roff/troff/env.h
@@ -1,5 +1,5 @@
 // -*- C++ -*-
-/* Copyright (C) 1989, 1990, 1991, 1992 Free Software Foundation, Inc.
+/* Copyright (C) 1989, 1990, 1991, 1992, 2000 Free Software Foundation, Inc.
      Written by James Clark (jjc@jclark.com)
 
 This file is part of groff.
diff --git a/src/roff/troff/input.cc b/src/roff/troff/input.cc
index 125b3272..b9cd5c84 100644
--- a/src/roff/troff/input.cc
+++ b/src/roff/troff/input.cc
@@ -1,5 +1,5 @@
 // -*- C++ -*-
-/* Copyright (C) 1989, 1990, 1991, 1992 Free Software Foundation, Inc.
+/* Copyright (C) 1989, 1990, 1991, 1992, 2000 Free Software Foundation, Inc.
      Written by James Clark (jjc@jclark.com)
 
 This file is part of groff.
@@ -31,7 +31,6 @@ Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
 #include "charinfo.h"
 #include "stringclass.h"
 #include "font.h"
-#include "searchpath.h"
 #include "macropath.h"
 #include "defs.h"
 
@@ -114,6 +113,8 @@ int is_html2 = 0;
 int tcommand_flag = 0;
 int safer_flag = 1;		// safer by default
 
+search_path *mac_path = &macro_path;
+
 static int get_copy(node**, int = 0);
 static void copy_mode_error(const char *,
 			    const errarg & = empty_errarg,
@@ -5641,13 +5642,13 @@ static FILE *open_mac_file(const char *mac, char **path)
   char *s1 = new char[strlen(mac)+strlen(MACRO_POSTFIX)+1];
   strcpy(s1, mac);
   strcat(s1, MACRO_POSTFIX);
-  FILE *fp = macro_path.open_file(s1, path);
+  FILE *fp = mac_path->open_file(s1, path);
   a_delete s1;
   if (!fp) {
     char *s2 = new char[strlen(mac)+strlen(MACRO_PREFIX)+1];
     strcpy(s2, MACRO_PREFIX);
     strcat(s2, mac);
-    fp = macro_path.open_file(s2, path);
+    fp = mac_path->open_file(s2, path);
     a_delete s2;
   }
   return fp;
@@ -5669,13 +5670,16 @@ static void process_macro_file(const char *mac)
 static void process_startup_file(char *filename)
 {
   char *path;
-  FILE *fp = macro_path.open_file(filename, &path);
+  // restrict path for security reasons
+  mac_path = &safer_macro_path;
+  FILE *fp = mac_path->open_file(filename, &path);
   if (fp) {
     input_stack::push(new file_iterator(fp, symbol(path).contents()));
     a_delete path;
     tok.next();
     process_input_stack();
   }
+  mac_path = &macro_path;
 }
 
 void macro_source()
@@ -5687,7 +5691,7 @@ void macro_source()
     while (!tok.newline() && !tok.eof())
       tok.next();
     char *path;
-    FILE *fp = macro_path.open_file(nm.contents(), &path);
+    FILE *fp = mac_path->open_file(nm.contents(), &path);
     // .mso doesn't (and cannot) go through open_mac_file, so we
     // need to do it here manually: If we have tmac.FOOBAR, try
     // FOOBAR.tmac and vice versa
@@ -5697,7 +5701,7 @@ void macro_source()
 	char *s = new char[strlen(fn) + sizeof(MACRO_POSTFIX)];
 	strcpy(s, fn + sizeof(MACRO_PREFIX) - 1);
 	strcat(s, MACRO_POSTFIX);
-	fp = macro_path.open_file(s, &path);
+	fp = mac_path->open_file(s, &path);
 	a_delete s;
       }
       if (!fp) {
@@ -5706,7 +5710,7 @@ void macro_source()
 	  char *s = new char[strlen(fn) + sizeof(MACRO_PREFIX)];
 	  strcpy(s, MACRO_PREFIX);
 	  strncat(s, fn, strlen(fn) - sizeof(MACRO_POSTFIX) + 1);
-	  fp = macro_path.open_file(s, &path);
+	  fp = mac_path->open_file(s, &path);
 	  a_delete s;
 	}
       }
diff --git a/src/roff/troff/node.cc b/src/roff/troff/node.cc
index a114a40e..f5585512 100644
--- a/src/roff/troff/node.cc
+++ b/src/roff/troff/node.cc
@@ -1,5 +1,5 @@
 // -*- C++ -*-
-/* Copyright (C) 1989, 1990, 1991, 1992 Free Software Foundation, Inc.
+/* Copyright (C) 1989, 1990, 1991, 1992, 2000 Free Software Foundation, Inc.
      Written by James Clark (jjc@jclark.com)
 
 This file is part of groff.
diff --git a/src/roff/troff/node.h b/src/roff/troff/node.h
index 21e585dc..6a602dc3 100644
--- a/src/roff/troff/node.h
+++ b/src/roff/troff/node.h
@@ -1,5 +1,5 @@
 // -*- C++ -*-
-/* Copyright (C) 1989, 1990, 1991, 1992 Free Software Foundation, Inc.
+/* Copyright (C) 1989, 1990, 1991, 1992, 2000 Free Software Foundation, Inc.
      Written by James Clark (jjc@jclark.com)
 
 This file is part of groff.
diff --git a/src/roff/troff/reg.cc b/src/roff/troff/reg.cc
index 79e78062..254b0ff4 100644
--- a/src/roff/troff/reg.cc
+++ b/src/roff/troff/reg.cc
@@ -1,5 +1,5 @@
 // -*- C++ -*-
-/* Copyright (C) 1989, 1990, 1991, 1992 Free Software Foundation, Inc.
+/* Copyright (C) 1989, 1990, 1991, 1992, 2000 Free Software Foundation, Inc.
      Written by James Clark (jjc@jclark.com)
 
 This file is part of groff.
diff --git a/src/roff/troff/reg.h b/src/roff/troff/reg.h
index b983b875..fe04f2ab 100644
--- a/src/roff/troff/reg.h
+++ b/src/roff/troff/reg.h
@@ -1,5 +1,5 @@
 // -*- C++ -*-
-/* Copyright (C) 1989, 1990, 1991, 1992 Free Software Foundation, Inc.
+/* Copyright (C) 1989, 1990, 1991, 1992, 2000 Free Software Foundation, Inc.
      Written by James Clark (jjc@jclark.com)
 
 This file is part of groff.
diff --git a/src/roff/troff/request.h b/src/roff/troff/request.h
index 7b3ad014..a26ebf48 100644
--- a/src/roff/troff/request.h
+++ b/src/roff/troff/request.h
@@ -1,5 +1,5 @@
 // -*- C++ -*-
-/* Copyright (C) 1989, 1990, 1991, 1992 Free Software Foundation, Inc.
+/* Copyright (C) 1989, 1990, 1991, 1992, 2000 Free Software Foundation, Inc.
      Written by James Clark (jjc@jclark.com)
 
 This file is part of groff.
diff --git a/src/roff/troff/troff.h b/src/roff/troff/troff.h
index 1f1e612b..5702d24e 100644
--- a/src/roff/troff/troff.h
+++ b/src/roff/troff/troff.h
@@ -1,5 +1,5 @@
 // -*- C++ -*-
-/* Copyright (C) 1989, 1990, 1991, 1992 Free Software Foundation, Inc.
+/* Copyright (C) 1989, 1990, 1991, 1992, 2000 Free Software Foundation, Inc.
      Written by James Clark (jjc@jclark.com)
 
 This file is part of groff.
@@ -30,6 +30,7 @@ Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
 #include "lib.h"
 #include "assert.h"
 #include "device.h"
+#include "searchpath.h"
 
 void cleanup_and_exit(int n);
 
@@ -48,6 +49,8 @@ extern int vresolution;
 extern int hresolution;
 extern int sizescale;
 
+extern search_path *mac_path;
+
 #include "cset.h"
 #include "cmap.h"
 #include "errarg.h"
diff --git a/src/roff/troff/troff.man b/src/roff/troff/troff.man
index 0b883b88..c7bd2a71 100644
--- a/src/roff/troff/troff.man
+++ b/src/roff/troff/troff.man
@@ -147,8 +147,13 @@ Read in the file
 If it isn't found, try
 .BI tmac. name
 instead.
-Normally this will be searched for in the current directory, @LOCALMACRODIR@,
-@SYSTEMMACRODIR@, or @MACRODIR@.
+It will be first searched for in directories given with the
+.B \-M
+command line option, then in the current directory, then in directories given
+in the
+.B GROFF_MACRO_PATH
+environment variable, then in @LOCALMACRODIR@, @SYSTEMMACRODIR@, and
+@MACRODIR@.
 .TP
 .B \-U
 Unsafe mode.
@@ -214,25 +219,22 @@ rather than the default
 .BR @DEVICE@ .
 .TP
 .BI \-F dir
-Search
+Search in directory (or directory path)
 .I dir
 for subdirectories
 .BI dev name
 .RI ( name
-is the name of the device)
-for the
+is the name of the device) and there for the
 .B DESC
-file and font files before the normal
-.BR @FONTDIR@ .
+file and font files.
+.I dir
+is scanned before all other font directories.
 .TP
 .BI \-M dir
-Search directory
+Search directory (or directory path)
 .I dir
-for macro files before the normal
-.BR @LOCALMACRODIR@ ,
-.BR @SYSTEMMACRODIR@ ,
-and
-.BR @MACRODIR@ .
+for macro files.
+This is scanned before all other macro directories.
 .SH USAGE
 Only the features not in Unix troff are described here.
 .SS Long names
@@ -2194,10 +2196,13 @@ escape sequence.
 A colon separated list of directories in which to search for
 macro files.
 .B troff
-will search in directories given in the
+will scan directories given in
+the
 .B \-M
-option before these, and in standard directories
-.RB ( @MACROPATH@ )
+option before these, and in standard directories (home directory,
+.BR @LOCALMACRODIR@ ,
+.BR @SYSTEMMACRODIR@ ,
+.BR @MACRODIR@ )
 after these.
 .TP
 .SM
@@ -2210,10 +2215,11 @@ A colon separated list of directories in which to search for the
 .BI dev name
 directory.
 .B troff
-will search in directories given in the
+will scan directories given in the
 .B \-F
 option before these, and in standard directories
-.RB ( @FONTPATH@ )
+(home directory,
+.BR @FONTPATH@ )
 after these.
 .SH FILES
 .Tp \w'@FONTDIR@/devname/DESC'u+3n
@@ -2237,6 +2243,13 @@ Font file for font
 .I F
 of device
 .IR name .
+.LP
+While searching for and scanning the initialization files
+.B troffrc
+and
+.BR troffrc-end ,
+a special search path is used for security reasons: The current directory
+is replaced with the home directory in the search path.
 .SH "SEE ALSO"
 .BR groff (@MAN1EXT@),
 .BR @g@tbl (@MAN1EXT@),