From owner-freebsd-qa Wed Jan 16 10:10:49 2002 Delivered-To: freebsd-qa@freebsd.org Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65]) by hub.freebsd.org (Postfix) with ESMTP id 679D337B419; Wed, 16 Jan 2002 10:10:38 -0800 (PST) Received: (from ru@localhost) by whale.sunbay.crimea.ua (8.11.6/8.11.2) id g0GIADq42366; Wed, 16 Jan 2002 20:10:13 +0200 (EET) (envelope-from ru) Date: Wed, 16 Jan 2002 20:10:13 +0200 From: Ruslan Ermilov To: Paul Richards , Brian Somers Cc: Murray Stokely , freebsd-qa@FreeBSD.ORG Subject: Re: Changes to man(1) Message-ID: <20020116201013.M13904@sunbay.com> References: <20020115234038.GR6073@windriver.com> <200201161759.g0GHxwL81019@hak.lan.Awfulhak.org> <20020115234038.GR6073@windriver.com> <1011203704.2163.10.camel@lobster.originative.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200201161759.g0GHxwL81019@hak.lan.Awfulhak.org> <1011203704.2163.10.camel@lobster.originative.co.uk> User-Agent: Mutt/1.3.23i Sender: owner-freebsd-qa@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Paul Richards and Brian Somers, after probably talking to each other, wrote simultaneously: On Wed, Jan 16, 2002 at 05:55:03PM +0000, Paul Richards wrote: > On Tue, 2002-01-15 at 23:40, Murray Stokely wrote: > > The release engineers would really like to see Ruslan's latest > > changes to man(1) in FreeBSD 4.5. This change closes a number of > > potential security holes that could allow privilege escalation. > > Please help us look over the recent commit to -CURRENT before we allow > > this to be MFCed. Here are the relevant commits from Ruslan : > > I don't think this should go into -stable. > > It's still a contentious issue in -current and is a significant change > to the historical behaviour of FreeBSD and therefore not something that > should be included in a point release. > > Unless I'm missing something, it's also not a major security whole, the > worst that can happen is that fake manpages can be created. That's > definately significant and I support the tightening in -current but it's > not a critical enough fix to warrant such a major change to a -stable > branch. > Having catpages is optional, and I wouldn't call it a major change, especially that good and secure alternatives for creating catpages were provided. On Wed, Jan 16, 2002 at 05:59:58PM +0000, Brian Somers wrote: [...] > I don't think this is -stable material (it changes system behaviour). > > I also think that putting something this size into the system at this > point in the release cycle should at least warrant another RC. > > I also don't like this new (well, old) mechanism. Instead, I think > man(1) should be fixed so that as soon as any of the default things > like macro packages and man directories are altered, it drops all > privileges. Is there a problem with doing it that way instead ? > Please see http://security-archive.merton.ox.ac.uk/security-audit-200010/0022.html for all other possible pitfalls. But yes, I agree this shouldn't go into -STABLE at this point, because I'm not sure we couldn't find a better solution. Still want to MFC -m option change. Cheers, -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-qa" in the body of the message