From owner-freebsd-bugs Mon Jan 28 15:10:10 2002
Date: Mon, 28 Jan 2002 15:10:01 -0800 (PST)
Message-Id: <200201282310.g0SNA1i63069@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Giorgos Keramidas
Subject: Re: misc/34270: man -k could be used to execute any command.

The following reply was made to PR misc/34270; it has been noted by GNATS.

From: Giorgos Keramidas
To: Garrett Wollman
Cc: bug-followup@freebsd.org
Subject: Re: misc/34270: man -k could be used to execute any command.
Date: Tue, 29 Jan 2002 01:04:36 +0200

On 2002-01-28 16:15:48, Garrett Wollman wrote:
> < said:
>
> > Here's a partial fix for the "apropos" and "whatis" options of man(1).
> > This still leaves 4 places where man/man.c uses do_system_command(),
> > since I need to understand the code before I make any changes. The
> > code of man.c is still vulnerable to environment variable tricks, but
> > at least it works with -f and -k options without problems:
>
> I would suggest that the apropos and whatis commands be run by their
> full path names, avoiding the exec?p functions. If they are running
> with privilege, the environment should be cleaned out as well.

OK, although the commands are not run with elevated privileges, so they're
not dangerous (at least not in ways that I could think of during the past
few days).

--
Giorgos Keramidas . . . . . . . . . keramida@{ceid.upatras.gr,freebsd.org}
FreeBSD Documentation Project . . . http://www.freebsd.org/docproj/
FreeBSD: The power to serve . . . . http://www.freebsd.org/
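The hardened spawn Wollman describes above (absolute path, no exec?p PATH search, no shell, scrubbed environment), written here as an added C example that is not code from FreeBSD's man(1) or from this thread. The /usr/bin/apropos location, the PATH value in the clean environment, and the helper names are assumptions.

```c
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

extern char **environ;

/* Minimal environment for the child (assumed PATH value). Because the
 * program is named by an absolute path the child never searches PATH, and
 * nothing from the caller's environment (MANPATH, PAGER, LD_* and the like)
 * is inherited. */
static char *const clean_env[] = { "PATH=/bin:/usr/bin", NULL };

/* Spawn 'path' with a fixed argv and the given environment, with no shell in
 * between, so argv words are never reinterpreted as shell syntax (unlike a
 * system(3)-style helper that pastes a keyword into a command string).
 * Relative names are refused so no PATH lookup can ever happen. Returns the
 * child's exit status, or -1 if the program could not be started. */
int spawn_argv(const char *path, char *const argv[], char *const envp[])
{
    if (path == NULL || path[0] != '/')
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, envp);   /* explicit path, explicit env: no *p variant */
        _exit(127);                 /* only reached if execve failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* The "-k" path in hardened form: the user's keyword travels as its own argv
 * element, so shell metacharacters in it are just bytes in an argument.
 * /usr/bin/apropos is an assumed location. */
int run_apropos(const char *keyword)
{
    char *const argv[] = { "apropos", (char *)keyword, NULL };
    return spawn_argv("/usr/bin/apropos", argv, clean_env);
}
```

Passing `environ` instead of `clean_env` to spawn_argv shows the difference the cleaned environment makes: variables set by the caller become visible to the child again.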