From owner-freebsd-security  Thu Dec 13  8: 7:23 2001
Delivered-To: freebsd-security@freebsd.org
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2262237B417; Thu, 13 Dec 2001 08:07:16 -0800 (PST)
Received: (from ache@localhost)
	by nagual.pp.ru (8.11.6/8.11.6) id fBDG7EJ45703;
	Thu, 13 Dec 2001 19:07:14 +0300 (MSK)
	(envelope-from ache)
Date: Thu, 13 Dec 2001 19:07:13 +0300
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: Ruslan Ermilov <ru@FreeBSD.ORG>
Cc: "Tim J. Robbins" <tim@robbins.dropbear.id.au>,
	security@FreeBSD.ORG, bug-followup@FreeBSD.ORG
Subject: Re: bin/32791: FreeBSD's man(1) utility vulnerable to old catman attacks
Message-ID: <20011213160713.GA45527@nagual.pp.ru>
References: <200112130713.fBD7DiH01449@raven.robbins.dropbear.id.au> <20011213153804.A19995@sunbay.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20011213153804.A19995@sunbay.com>
User-Agent: Mutt/1.3.23.2i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, Dec 13, 2001 at 15:38:04 +0200, Ruslan Ermilov wrote:

> The below patch doesn't allow man(1) to use its SUID powers
> when the catpage's directory is accessed via symlink.

It breaks private cat pages (symlink check must not present for them)

-- 
Andrey A. Chernov
http://ache.pp.ru/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message