Date: Wed, 16 Jan 2002 13:29:17 +1030
From: Greg Lehey
To: Ruslan Ermilov
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/gnu/usr.bin/man/man Makefile man.c src/etc/mtree BSD.local.dist BSD.usr.dist BSD.x11-4.dist BSD.x11.dist
Message-ID: <20020116132917.K78030@wantadilla.lemis.com>
References: <200201151411.g0FEB6H82165@freefall.freebsd.org>
In-Reply-To: <200201151411.g0FEB6H82165@freefall.freebsd.org>
Organization: The FreeBSD Project

On Tuesday, 15 January 2002 at 6:11:05 -0800, Ruslan Ermilov wrote:
> ru 2002/01/15 06:11:05 PST
>
> Modified files:
>   gnu/usr.bin/man/man Makefile man.c
>   etc/mtree BSD.local.dist BSD.usr.dist
>             BSD.x11-4.dist BSD.x11.dist
> Log:
> Do not install man(1) setuid ``man''.
>
> The catpaging and setuidness features of man(1) combined make
> it vulnerable to a number of security attacks. ...
>
> This means man(1) can no longer create system catpages on a
> regular user's behalf. (It is still able to if the user has
> write permissions to the directory holding catpages, e.g.,
> user's own manpages, or if the running user is ``root''.)

Hmm. I can see the security implications, but you'd need to
compromise the system in the first place in order to break it, so it's
not the most likely thing on earth. On the other hand, many people
don't have such extreme security requirements, and they might get a
little upset by the change.

> To create and install catpages during ``make world'', please set
> MANBUILDCAT=YES in /etc/make.conf.

This won't help people installing from CD-ROM. It also takes up a lot
of space. It would be nice to think of an alternative, like maybe a
private catman directory for non-root users.

Greg
--
See complete headers for address and phone numbers
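
Added example, not part of the original message or of the FreeBSD sources: a shell check of the rule stated in the quoted commit log, that a man(1) installed without setuid can save catpages only where the invoking user can write the catpage directory. The function names and the temporary fixture files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and fixture files are constructed for illustration.

# has_setuid FILE: succeeds if FILE is a regular file with the setuid bit set.
has_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# catpage_mode MAN_BINARY CATDIR prints how catpages for CATDIR would be handled:
#   privileged  MAN_BINARY is setuid, so it writes CATDIR with its owner's rights
#   writable    not setuid, but the invoking user can write CATDIR directly
#               (own manpages, or running as root)
#   uncached    not setuid and CATDIR is not writable: nothing is saved
catpage_mode() {
    if has_setuid "$1"; then
        echo privileged
    elif [ -d "$2" ] && [ -w "$2" ]; then
        echo writable
    else
        echo uncached
    fi
}

# Constructed fixture: empty stand-ins for a setuid and a non-setuid man binary,
# a user-owned catpage directory and a read-only "system" one.
demo() {
    tmp=$(mktemp -d) || return 1
    : > "$tmp/man-setuid"; chmod 4555 "$tmp/man-setuid"
    : > "$tmp/man-plain";  chmod 0555 "$tmp/man-plain"
    mkdir "$tmp/user-cat1" "$tmp/system-cat1"
    chmod 0555 "$tmp/system-cat1"
    for bin in man-setuid man-plain; do
        for dir in user-cat1 system-cat1; do
            printf '%-10s %-12s %s\n' "$bin" "$dir" \
                "$(catpage_mode "$tmp/$bin" "$tmp/$dir")"
        done
    done
    rm -rf "$tmp"
}

demo
```

Run as root, the read-only directory also reports `writable`, which matches the commit log's note that root can still create catpages.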