Date: Wed, 16 Jan 2002 13:40:46 +0200
From: Ruslan Ermilov
To: Murray Stokely
Cc: freebsd-qa@FreeBSD.org
Subject: Re: Changes to man(1)
Message-ID: <20020116134046.A77376@sunbay.com>
References: <20020115234038.GR6073@windriver.com>
In-Reply-To: <20020115234038.GR6073@windriver.com>

On Tue, Jan 15, 2002 at 03:40:38PM -0800, Murray Stokely wrote:
> The release engineers would really like to see Ruslan's latest
> changes to man(1) in FreeBSD 4.5. This change closes a number of
> potential security holes that could allow privilege escalation.
> Please help us look over the recent commit to -CURRENT before we allow
> this to be MFCed. Here are the relevant commits from Ruslan :
>

I've just found a problem with this in -STABLE. We also need to MFC
the following deltas to bsd.man.mk (only the 1.40 is essential, but
MFCing 1.39 doesn't harm too):

: revision 1.40
: date: 2001/07/12 07:47:39; author: ru; state: Exp; lines: +2 -2
: Always preprocess manpages with tbl(1).
: ----------------------------
: revision 1.39
: date: 2001/05/30 07:02:57; author: ru; state: Exp; lines: +1 -3
: Do not clobber COPY, it may be set differently in /etc/make.conf.
: This is not the problem for NOMANCOMPRESS, as install(1) does not
: delete the originals anymore (-c is the default now).

Otherwise, catpages built as part of buildworld with MANBUILDCAT=YES
are not preprocessed with tbl(1), and we get some bad catpages on the
release media. This is the same assumption as man(1) does -- always
format with tbl(1).

PLEASE NOTE that this problem is not new, and exists even without
MFCing the man(1) changes. It is just expected that more people will
start to use the MANBUILDCAT feature. And yes, release media of
4.4-RELEASE has some broken catpages.

Index: bsd.man.mk =================================================================== RCS file: /home/ncvs/src/share/mk/bsd.man.mk,v retrieving revision 1.31.2.5 diff -u -r1.31.2.5 bsd.man.mk --- bsd.man.mk 2001/12/20 10:44:03 1.31.2.5 +++ bsd.man.mk 2002/01/16 11:14:25 @@ -53,7 +53,7 @@ CATDIR= ${MANDIR:H:S/$/\/cat/} CATEXT= .cat -MROFF_CMD?= groff -Tascii -mtty-char -man +MROFF_CMD?= groff -Tascii -mtty-char -man -t MCOMPRESS_CMD?= ${COMPRESS_CMD} MCOMPRESS_EXT?= ${COMPRESS_EXT} @@ -73,8 +73,6 @@ all-man: .if defined(NOMANCOMPRESS) - -COPY= -c # Make special arrangements to filter to a temporary file at build time # for NOMANCOMPRESS. Cheers, -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-qa" in the body of the message
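
Review bot: In the first hunk (@@ -53,7 +53,7 @@), `-t` is added only to the `?=` default of MROFF_CMD, so a build that already sets MROFF_CMD elsewhere keeps its own value and still produces catpages that were never run through tbl(1). Consider adding a short comment above the assignment saying that any override must carry `-t` to match what man(1) does when formatting, and mentioning the same in the MFC commit message.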
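
Review bot: In the second hunk (@@ -73,8 +73,6 @@), removing `COPY= -c` under `.if defined(NOMANCOMPRESS)` is only safe if install(1) on the branch receiving the merge already copies by default, which is the premise stated in the revision 1.39 log ("-c is the default now"). Please confirm that install(1) behaviour is present in -STABLE before merging, since otherwise the NOMANCOMPRESS install path would delete the originals. The message itself describes 1.39 as non-essential, so leaving this hunk out of the 4.5 merge would keep the change to the one line that fixes the catpage problem.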