Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 16 Jan 2002 18:37:12 +0200
From:      Ruslan Ermilov <ru@FreeBSD.org>
To:        Joerg Wunsch <j@uriah.heep.sax.de>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Cc:        arch@FreeBSD.org
Subject:   Re: cvs commit: src/gnu/usr.bin/man/man Makefile man.c src/etc/mtree BSD.local.dist BSD.usr.dist BSD.x11-4.dist BSD.x11.dist
Message-ID:  <20020116183712.G13904@sunbay.com>
In-Reply-To: <20020116171144.C18043@uriah.heep.sax.de>
References:  <20020116132917.K78030@wantadilla.lemis.com> <Pine.NEB.3.96L.1020115224951.59548D-100000@fledge.watson.org> <20020116154210.A74132@uriah.heep.sax.de> <20020116174352.C13904@sunbay.com> <20020116171144.C18043@uriah.heep.sax.de>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jan 16, 2002 at 05:11:44PM +0100, Joerg Wunsch wrote:
> As Ruslan Ermilov wrote:
> 
> > All you need to do is to change the ownership on catpages holding
> > directories back to ``man'', and install man(1) setuid ``man''.
> 
> ...until the next "make installworld".  That's why i'm asking for
> a knob in /etc/make.conf.  setuidperl can get its suid bit `sticky'
> by the same way.
> 
Hmm, can't you live with a custom gnu/usr.bin/man/man/Makefile?  :-)

> > But because it was proven to be insecure in many ways (the most
> > important leak is a customized environment), I don't like the idea
> > of even putting the required knobs back to src/.
> 
> But all that can be compromised is user "man", isn't it?  I don't
> care much about this.
> 
Not user "man", but the contents of the system manpages.  Try this:

ln -s /usr/bin/true /tmp/troff
rm /usr/share/man/cat1/cat.1*
/usr/bin/env GROFF_BIN_PATH=/tmp man 1 cat

> Get me right, it's OK by me to put a big warning above that knob
> into /etc/defaults/make.conf.  But for sites less concerned about
> security (like my home computer), compromising the "man" account
> by the only other user on my machine (that's my wife :) isn't
> anything i would care much about.  Even though the machine is
> pretty fast, i prefer the cached catpages for efficiency.  (setuid
> root binaries are a totally different matter, since they might
> always serve as a target by a potential intruder.  But i don't
> think such an intruder would gain much by breaking a setuid man
> man(1), and then replace all my catpages. ;-)
> 
OK, what do others think about this?

> > > I hope man(1)
> > > is smart enough to handle that situation, and would reformat
> > > the more recent man source instead of displaying the stale
> > > catpage then.
> 
> > Yes, man(1) handles this.
> 
> OK, fine.
> 
> > Also, catman(1) doesn't re-catman
> > the entire tree by default:
> 
> I know, this was one of Wolfram's design goals when he rewrote
> it. ;-)
> 
> -- 
> cheers, J"org               .-.-.   --... ...--   -.. .  DL8DTL
> 
> http://www.sax.de/~joerg/                        NIC: JW11-RIPE
> Never trust an operating system you don't have sources for. ;-)

-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020116183712.G13904>