Date: Wed, 16 Jan 2002 18:16:25 +0100
From: Joerg Wunsch <j@uriah.heep.sax.de>
To: Ruslan Ermilov <ru@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, arch@FreeBSD.org
Subject: Re: cvs commit: src/gnu/usr.bin/man/man Makefile man.c src/etc/mtree BSD.local.dist BSD.usr.dist BSD.x11-4.dist BSD.x11.dist
Message-ID: <20020116181625.B757@uriah.heep.sax.de>
In-Reply-To: <20020116183712.G13904@sunbay.com>; from ru@FreeBSD.org on Wed, Jan 16, 2002 at 06:37:12PM +0200
References: <20020116132917.K78030@wantadilla.lemis.com> <Pine.NEB.3.96L.1020115224951.59548D-100000@fledge.watson.org> <20020116154210.A74132@uriah.heep.sax.de> <20020116174352.C13904@sunbay.com> <20020116171144.C18043@uriah.heep.sax.de> <20020116183712.G13904@sunbay.com>

As Ruslan Ermilov wrote:

> > ...until the next "make installworld".  That's why i'm asking for
> > a knob in /etc/make.conf.  setuidperl can get its suid bit `sticky'
> > by the same way.
> >
> Hmm, can't you live with a custom gnu/usr.bin/man/man/Makefile?  :-)

Not really.  (OK, i see the smiley. ;-)

> Not user "man", but the contents of the system manpages.  Try this:
>
> ln -s /usr/bin/true /tmp/troff
> rm /usr/share/man/cat1/cat.1*
> /usr/bin/env GROFF_BIN_PATH=/tmp man 1 cat

OK, someone can cause garbage to go into my cat page.  He could
pretend that the options "-r" and "-f" to rm(1) would be something
harmless :).

Well, i'd like to see two things:

. Variables like FOO_BIN_PATH need to be ignored when running with
  raised privileges, no question asked.  We used to ignore
  LD_LIBRARY_PATH for the same reason.  I hope this is something that
  is fixable.

. Then turn off the setuid bit, but offer the option to re-enable it
  for those who value the feature more than the risk, much in the same
  sense as we do for suidperl (which i still think is a lot less risky
  than someone (like me :) writing a buggy setuid wrapper in C).

-- 
cheers, J"org               .-.-.   --... ...--   -.. .  DL8DTL

http://www.sax.de/~joerg/                        NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)