From owner-freebsd-arch  Fri Dec 14  4:44:28 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65])
	by hub.freebsd.org (Postfix) with ESMTP
	id 226BF37B416; Fri, 14 Dec 2001 04:44:10 -0800 (PST)
Received: (from ru@localhost)
	by whale.sunbay.crimea.ua (8.11.6/8.11.2) id fBEChqA72499;
	Fri, 14 Dec 2001 14:43:52 +0200 (EET)
	(envelope-from ru)
Date: Fri, 14 Dec 2001 14:43:52 +0200
From: Ruslan Ermilov <ru@FreeBSD.org>
To: Robert Watson <rwatson@FreeBSD.org>
Cc: Greg Lehey <grog@FreeBSD.org>,
	Garance A Drosihn <drosih@rpi.edu>, Peter Wemm <peter@wemm.org>,
	Nik Clayton <nik@FreeBSD.org>, Warner Losh <imp@harmony.village.org>,
	ache@FreeBSD.org, freebsd-arch@FreeBSD.org
Subject: Re: Changing 'man' to check alternate destination for 'cat' pages
Message-ID: <20011214144352.A71966@sunbay.com>
References: <20011214101857.C35094@sunbay.com> <Pine.NEB.3.96L.1011214052132.74588S-100000@fledge.watson.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.NEB.3.96L.1011214052132.74588S-100000@fledge.watson.org>
User-Agent: Mutt/1.3.23i
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-arch.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-arch>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-arch>
X-Loop: FreeBSD.ORG

On Fri, Dec 14, 2001 at 05:27:49AM -0500, Robert Watson wrote:
> 
> On Fri, 14 Dec 2001, Ruslan Ermilov wrote:
> 
> > Just having a CATMAN envariable is not enough, this would break many
> > things.  There are hosts on which people use different locales
> > simultaneously.  Look at how the usr/share/man/en.ISO8859-1 is organized
> > nowadays, and realize why, while sharing the man? directories with the
> > .., it has its own cat?  directories. 
> 
> Not to mention the security issues -- the one nice thing about the
> hard-coded catman right now is that it greatly limits the scope for damage
> from a setuid man.  I'm not entirely opposed to the notion of configuring
> its location in /etc/man.conf or something, but agree that a run-time
> user-tunable version of the same would be worrying.  Even leaving aside
> the more serious attacks, imagine for a moment what would happen if
> arbitrary users could tweak the contents of arbitrary .8 man pages :-). 
> 
> > The "cat" feature of man(1) is insecure, and is probably going to be
> > nuked after a release of 4.5.
> 
> Great!  I've been hoping for that for years. :-)
> 
Can I take it as an approval from core@ or security-officer@ team,
both of which you are a member of?  :-)


Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message