From owner-freebsd-qa  Wed Jan 16 10: 0: 6 2002
Delivered-To: freebsd-qa@freebsd.org
Received: from Awfulhak.org (gw.Awfulhak.org [217.204.245.18])
	by hub.freebsd.org (Postfix) with ESMTP
	id F1FC137B402; Wed, 16 Jan 2002 10:00:02 -0800 (PST)
Received: from hak.lan.Awfulhak.org (root@hak.lan.Awfulhak.org [fec0::1:12])
	by Awfulhak.org (8.11.6/8.11.6) with ESMTP id g0GI00N38220;
	Wed, 16 Jan 2002 18:00:00 GMT
	(envelope-from brian@freebsd-services.com)
Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1])
	by hak.lan.Awfulhak.org (8.11.6/8.11.6) with ESMTP id g0GHxwL81019;
	Wed, 16 Jan 2002 17:59:58 GMT
	(envelope-from brian@freebsd-services.com)
Message-Id: <200201161759.g0GHxwL81019@hak.lan.Awfulhak.org>
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
To: Murray Stokely <murray@FreeBSD.org>
Cc: freebsd-qa@FreeBSD.org, Ruslan Ermilov <ru@FreeBSD.org>,
	Brian Somers <brian@freebsd-services.com>
Subject: Re: Changes to man(1) 
In-Reply-To: Message from Murray Stokely <murray@FreeBSD.ORG> 
   of "Tue, 15 Jan 2002 15:40:38 PST." <20020115234038.GR6073@windriver.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 16 Jan 2002 17:59:58 +0000
From: Brian Somers <brian@freebsd-services.com>
Sender: owner-freebsd-qa@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-qa.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-qa>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-qa>
X-Loop: FreeBSD.ORG

>   The release engineers would really like to see Ruslan's latest
> changes to man(1) in FreeBSD 4.5.  This change closes a number of
> potential security holes that could allow privilege escalation.
> Please help us look over the recent commit to -CURRENT before we allow
> this to be MFCed.  Here are the relevant commits from Ruslan :

I don't think this is -stable material (it changes system behaviour).

I also think that putting something this size into the system at this 
point in the release cycle should at least warrant another RC.

I also don't like this new (well, old) mechanism.  Instead, I think 
man(1) should be fixed so that as soon as any of the default things 
like macro packages and man directories are altered, it drops all 
privileges.  Is there a problem with doing it that way instead ?


>      Thanks,
>      - Murray

-- 
Brian <brian@freebsd-services.com>                <brian@Awfulhak.org>
      http://www.freebsd-services.com/        <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour !      <brian@[uk.]OpenBSD.org>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-qa" in the body of the message