Date: Thu, 13 Dec 2001 08:10:03 -0800 (PST) From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/32791: FreeBSD's man(1) utility vulnerable to old catman attacks Message-ID: <200112131610.fBDGA3A16215@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/32791; it has been noted by GNATS. From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Ruslan Ermilov <ru@FreeBSD.ORG> Cc: "Tim J. Robbins" <tim@robbins.dropbear.id.au>, security@FreeBSD.ORG, bug-followup@FreeBSD.ORG Subject: Re: bin/32791: FreeBSD's man(1) utility vulnerable to old catman attacks Date: Thu, 13 Dec 2001 19:07:13 +0300 On Thu, Dec 13, 2001 at 15:38:04 +0200, Ruslan Ermilov wrote: > The below patch doesn't allow man(1) to use its SUID powers > when the catpage's directory is accessed via symlink. It breaks private cat pages (symlink check must not present for them) -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200112131610.fBDGA3A16215>