Date: 16 Jan 2002 17:55:03 +0000 From: Paul Richards <paul@freebsd-services.com> To: Murray Stokely <murray@FreeBSD.org> Cc: freebsd-qa@FreeBSD.org Subject: Re: Changes to man(1) Message-ID: <1011203704.2163.10.camel@lobster.originative.co.uk> In-Reply-To: <20020115234038.GR6073@windriver.com> References: <20020115234038.GR6073@windriver.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 2002-01-15 at 23:40, Murray Stokely wrote: > The release engineers would really like to see Ruslan's latest > changes to man(1) in FreeBSD 4.5. This change closes a number of > potential security holes that could allow privilege escalation. > Please help us look over the recent commit to -CURRENT before we allow > this to be MFCed. Here are the relevant commits from Ruslan : I don't think this should go into -stable. It's still a contentious issue in -current and is a significant change to the historical behaviour of FreeBSD and therefore not something that should be included in a point release. Unless I'm missing something, it's also not a major security whole, the worst that can happen is that fake manpages can be created. That's definately significant and I support the tightening in -current but it's not a critical enough fix to warrant such a major change to a -stable branch. Paul. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-qa" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1011203704.2163.10.camel>