Date: Thu, 11 Jul 1996 06:40:03 +1000
From: Bruce Evans <bde@zeta.org.au>
To: freebsd-bugs@freefall.freebsd.org, j@uriah.heep.sax.de
Subject: Re: gnu/1379: Man command problem, when it writes into symlinked dir
Message-ID: <199607102040.GAA25744@godzilla.zeta.org.au>

> As Masafumi NAKANE wrote:
>
> > The man command doesn't check the owner of the symbolic link when it
> > writes the formatted man page out to symlinked cat? directory.
>
> The man command itself does not need to check anything (except for
> deciding whether it should present the message ``Formatting man
> page.'')

Yes it does. It's setuid man and needs to check for security holes
such as the one given in detail in the PR. It assumes that writing
in the system cat directories is OK because the source file must be
in a system man directory, but the PR shows how to have the source
in a user directory.

> otherwise it simply can't do it. It's not running setuid root, and it
> never did.

It runs as setuid man, and usually did, except last month in -current,
when setuid'ness was turned off.

> Btw., symlinks don't have an owner or other attributes. What you see
> as their owner is the ownership and permission of their parent
> directory, but it's entirely meaningless as long as the *target* of
> the symlink is concerned.

Yes, the cause of the problem is different from the one reported.

`man' probably needs to switch to the user's id unless both the source
and the target directories are in trusted places. This may involve
eliminating symlinks.

Bruce
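
One way to implement the check suggested in the message above, as an added example that is not part of the original message and is not code from man itself. The trusted roots and all function names are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumed trusted roots (no trailing slash); a real man would use its own. */
static const char *const trusted_roots[] = { "/usr/share/man", "/usr/local/man" };

/* 1 if canonical path p is root itself or lies below it; "/x/manual" != "/x/man". */
int is_under(const char *p, const char *root)
{
    size_t n = strlen(root);
    if (strncmp(p, root, n) != 0) return 0;
    return p[n] == '\0' || p[n] == '/';
}

/* Eliminate symlinks with realpath() first, then compare to the trusted roots. */
int in_trusted_place(const char *path)
{
    char real[PATH_MAX];
    if (realpath(path, real) == NULL) return 0;   /* unresolvable: not trusted */
    for (size_t i = 0; i < sizeof trusted_roots / sizeof *trusted_roots; i++)
        if (is_under(real, trusted_roots[i])) return 1;
    return 0;
}

/* Keep the setuid identity only when both source and cat directory are trusted. */
int may_write_as_man(const char *src_dir, const char *cat_dir)
{
    return in_trusted_place(src_dir) && in_trusted_place(cat_dir);
}

/* Switch the effective ids to the invoking user's; fail closed on any error. */
int drop_to_user(void)
{
    uid_t uid = getuid();
    if (setgid(getgid()) != 0 || setuid(uid) != 0) return -1;
    return (geteuid() == uid) ? 0 : -1;
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s srcdir catdir\n", argv[0]); return 2; }
    if (!may_write_as_man(argv[1], argv[2]) && drop_to_user() != 0) return 1;
    printf("formatting with euid %ld\n", (long)geteuid());
    return 0;
}
```

The path check and the later write are separate steps, so this only holds if nothing below a trusted root is writable by untrusted users.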