Date:      Wed, 16 Jan 2002 17:43:52 +0200
From:      Ruslan Ermilov <ru@FreeBSD.org>
To:        Joerg Wunsch <j@uriah.heep.sax.de>, Robert Watson <rwatson@FreeBSD.org>, Greg Lehey <grog@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/gnu/usr.bin/man/man Makefile man.c src/etc/mtree BSD.local.dist BSD.usr.dist BSD.x11-4.dist BSD.x11.dist
Message-ID:  <20020116174352.C13904@sunbay.com>
In-Reply-To: <20020116154210.A74132@uriah.heep.sax.de>
References:  <20020116132917.K78030@wantadilla.lemis.com> <Pine.NEB.3.96L.1020115224951.59548D-100000@fledge.watson.org> <20020116154210.A74132@uriah.heep.sax.de>

On Wed, Jan 16, 2002 at 03:42:10PM +0100, Joerg Wunsch wrote:
> As Robert Watson wrote:
> 
> > There's a
> > lot of risk involved here, not all that dissimilar to the risk involved in
> > setuid suidperl.  We turn that off by default, and users can always turn
> > it on if they need it.
> 
> I'd wish we could also (optionally) turn suidness on again for man(1), in
> the same way it can be done for suidperl (i.e. via /etc/make.conf).  For
> my usual home machine, security implications of someone clobbering my
> catpages aren't of concern to me, but I somewhat like the idea of a
> `catpage cache' (as opposed to always catmanning the entire tree).
> 
All you need to do is to change the ownership on catpages holding
directories back to ``man'', and install man(1) setuid ``man''.
But because it was proven to be insecure in many ways (the most
important leak is a customized environment), I don't like the idea
of even putting the required knobs back to src/.  You can simply
make man(1) setuid root on your home machine, without even twiddling
with the ownership.  :-)

> > We have a catman distribution already, I believe, which can be enabled in
> > sysinstall.  Maybe it's time to make it part of the default install, if it
> > isn't already.
> 
> I wouldn't do this.  For CPUs with clocks in the Gigahertz
> range, it's not that hard to trade speed (reformat the page
> each time) against the space required by the catpages.
> Solaris doesn't store catpages, for example.
> 
> I once created the catman distribution mainly with the idea
> in mind to save CPU time on slow machines.  Owners of slow
> machines are then still free to install this distribution.
> The sad thing: it now might cause catfiles to become stale,
> if the luser installed more recent man pages.  I hope man(1)
> is smart enough to handle that situation, and would reformat
> the more recent man source instead of displaying the stale
> catpage then.  (Owners of slow machines probably won't like
> the idea much to re-catman the entire tree regularly.)
> 
Yes, man(1) handles this.  Also, catman(1) doesn't re-catman
the entire tree by default:

: -f, -force
:    Force overwriting old cat pages.  Normally only those pages will
:    be formatted which are not up to date.  This option is a waste of
:    time, CPU and RAM.


Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age
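
The "customized environment" problem named in the message above, seen from the mitigation side, as an added example (not code from man(1) or from anyone in this thread): a setuid program throws away the environment it inherited and rebuilds it from an allowlist before running anything else. The allowlist, the fixed PATH value and the function names are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;
/* Assumed policy: PATH is always replaced; these names pass if well-formed. */
static const char *const fixed[] = { "PATH=/bin:/usr/bin", NULL };
static const char *const keep[]  = { "TERM", "LANG", "COLUMNS", NULL };

/* First "NAME=..." entry in env, or NULL; later duplicates are ignored. */
static char *find_entry(char *const env[], const char *name)
{
    size_t n = strlen(name);
    for (size_t i = 0; env[i] != NULL; i++)
        if (strncmp(env[i], name, n) == 0 && env[i][n] == '=') return env[i];
    return NULL;
}

/* Short values made only of [A-Za-z0-9_.@-]: no paths, no shell syntax. */
static int value_ok(const char *v)
{
    if (*v == '\0' || strlen(v) > 64) return 0;
    for (; *v != '\0'; v++)
        if (!isalnum((unsigned char)*v) && strchr("_.@-", *v) == NULL) return 0;
    return 1;
}

/* New NULL-terminated environment for execve(); NULL if calloc fails. */
char **clean_env(char *const envp[])
{
    size_t out = 0, slots = sizeof fixed / sizeof *fixed + sizeof keep / sizeof *keep;
    char **env = calloc(slots, sizeof *env);
    if (env == NULL) return NULL;
    for (size_t i = 0; fixed[i] != NULL; i++) env[out++] = (char *)fixed[i];
    for (size_t i = 0; keep[i] != NULL; i++) {
        char *e = find_entry(envp, keep[i]);
        if (e != NULL && value_ok(e + strlen(keep[i]) + 1)) env[out++] = e;
    }
    return env;
}

int main(void)
{
    char **env = clean_env(environ);   /* what the child process would get */
    for (size_t i = 0; env != NULL && env[i] != NULL; i++) puts(env[i]);
    free(env);
    return 0;
}
```

Anything not on the allowlist is dropped rather than filtered, so a variable the program's helpers honour but the author never thought of cannot reach them.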
