From owner-freebsd-qa Wed Jan 16 9:55:43 2002 Delivered-To: freebsd-qa@freebsd.org Received: from mailgate.originative.co.uk (mailgate.originative.co.uk [62.232.68.68]) by hub.freebsd.org (Postfix) with ESMTP id 90A0B37B41F; Wed, 16 Jan 2002 09:55:06 -0800 (PST) Received: from lobster.originative.co.uk (lobster [62.232.68.81]) by mailgate.originative.co.uk (Postfix) with ESMTP id 0F8B11D16B; Wed, 16 Jan 2002 17:55:04 +0000 (GMT) Subject: Re: Changes to man(1) From: Paul Richards To: Murray Stokely Cc: freebsd-qa@FreeBSD.org In-Reply-To: <20020115234038.GR6073@windriver.com> References: <20020115234038.GR6073@windriver.com> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/1.0 (Preview Release) Date: 16 Jan 2002 17:55:03 +0000 Message-Id: <1011203704.2163.10.camel@lobster.originative.co.uk> Mime-Version: 1.0 Sender: owner-freebsd-qa@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, 2002-01-15 at 23:40, Murray Stokely wrote: > The release engineers would really like to see Ruslan's latest > changes to man(1) in FreeBSD 4.5. This change closes a number of > potential security holes that could allow privilege escalation. > Please help us look over the recent commit to -CURRENT before we allow > this to be MFCed. Here are the relevant commits from Ruslan : I don't think this should go into -stable. It's still a contentious issue in -current and is a significant change to the historical behaviour of FreeBSD and therefore not something that should be included in a point release. Unless I'm missing something, it's also not a major security whole, the worst that can happen is that fake manpages can be created. That's definately significant and I support the tightening in -current but it's not a critical enough fix to warrant such a major change to a -stable branch. Paul. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-qa" in the body of the message