Date: Wed, 16 Jan 2002 21:28:27 +0100 From: Joerg Wunsch <j@uriah.heep.sax.de> To: Ruslan Ermilov <ru@FreeBSD.org> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, arch@FreeBSD.org Subject: Re: cvs commit: src/gnu/usr.bin/man/man Makefile man.c src/etc/mtree BSD.local.dist BSD.usr.dist BSD.x11-4.dist BSD.x11.dist Message-ID: <20020116212827.B3262@uriah.heep.sax.de> In-Reply-To: <20020116195429.J13904@sunbay.com>; from ru@FreeBSD.org on Wed, Jan 16, 2002 at 07:54:29PM %2B0200 References: <20020116132917.K78030@wantadilla.lemis.com> <Pine.NEB.3.96L.1020115224951.59548D-100000@fledge.watson.org> <20020116154210.A74132@uriah.heep.sax.de> <20020116174352.C13904@sunbay.com> <20020116171144.C18043@uriah.heep.sax.de> <20020116183712.G13904@sunbay.com> <20020116181625.B757@uriah.heep.sax.de> <20020116195429.J13904@sunbay.com>
next in thread | previous in thread | raw e-mail | index | archive | help
As Ruslan Ermilov wrote: > There's still problem exists with following symbolic links (please > see the PR for an example exploit). But that one either requires write permission to the directory holding the cat* directories, or it requires the user to run man -M <something> or otherwise against a modified $MANPATH. Sure, it can clobber files that are writable by user man. It's fine by me to have suidness turned off by default (and then probably also to ship a system that doesn't even have the cat directories -- what are they good for if we don't store something there? catman can handle creation of the directories by itself). I'll probably even leave it turned off on my workstation at work, but would simply like to have it as a knob on some machines. -- cheers, J"org .-.-. --... ...-- -.. . DL8DTL http://www.sax.de/~joerg/ NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020116212827.B3262>