From owner-freebsd-arch Fri Dec 14 16:35:50 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from monorchid.lemis.com (monorchid.lemis.com [192.109.197.75])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6E4C037B405; Fri, 14 Dec 2001 16:35:41 -0800 (PST)
Received: by monorchid.lemis.com (Postfix, from userid 1004)
	id BE81F786E4; Sat, 15 Dec 2001 11:05:39 +1030 (CST)
Date: Sat, 15 Dec 2001 11:05:39 +1030
From: Greg Lehey
To: Ruslan Ermilov
Cc: Robert Watson, Garance A Drosihn, Peter Wemm, Nik Clayton, Warner Losh,
	ache@FreeBSD.org, freebsd-arch@FreeBSD.org
Subject: Re: Changing 'man' to check alternate destination for 'cat' pages
Message-ID: <20011215110539.I85108@monorchid.lemis.com>
References: <20011214101857.C35094@sunbay.com> <20011214144352.A71966@sunbay.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20011214144352.A71966@sunbay.com>
User-Agent: Mutt/1.3.23i
Organization: The FreeBSD Project
Phone: +61-8-8388-8286
Fax: +61-8-8388-8725
Mobile: +61-418-838-708
WWW-Home-Page: http://www.FreeBSD.org/
X-PGP-Fingerprint: 6B 7B C3 8C 61 CD 54 AF 13 24 52 F8 6D A4 95 EF
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Friday, 14 December 2001 at 14:43:52 +0200, Ruslan Ermilov wrote:
> On Fri, Dec 14, 2001 at 05:27:49AM -0500, Robert Watson wrote:
>>
>> On Fri, 14 Dec 2001, Ruslan Ermilov wrote:
>>
>>> Just having a CATMAN envariable is not enough, this would break many
>>> things.  There are hosts on which people use different locales
>>> simultaneously.  Look at how the usr/share/man/en.ISO8859-1 is organized
>>> nowadays, and realize why, while sharing the man? directories with the
>>> .., it has its own cat? directories.
>>
>> Not to mention the security issues -- the one nice thing about the
>> hard-coded catman right now is that it greatly limits the scope for damage
>> from a setuid man.  I'm not entirely opposed to the notion of configuring
>> its location in /etc/man.conf or something, but agree that a run-time
>> user-tunable version of the same would be worrying.  Even leaving aside
>> the more serious attacks, imagine for a moment what would happen if
>> arbitrary users could tweak the contents of arbitrary .8 man pages :-).
>>
>>> The "cat" feature of man(1) is insecure, and is probably going to be
>>> nuked after a release of 4.5.
>>
>> Great!  I've been hoping for that for years.  :-)
>
> Can I take it as an approval from core@ or security-officer@ team,
> both of which you are a member of? :-)

It's certainly not (yet) an approval from core@.

Greg
--
See complete headers for address and phone numbers