From owner-freebsd-bugs  Thu Dec 13  8:10: 6 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 6C52F37B419
	for <freebsd-bugs@hub.freebsd.org>; Thu, 13 Dec 2001 08:10:03 -0800 (PST)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id fBDGA3A16215;
	Thu, 13 Dec 2001 08:10:03 -0800 (PST)
	(envelope-from gnats)
Date: Thu, 13 Dec 2001 08:10:03 -0800 (PST)
Message-Id: <200112131610.fBDGA3A16215@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
Subject: Re: bin/32791: FreeBSD's man(1) utility vulnerable to old catman attacks
Reply-To: "Andrey A. Chernov" <ache@nagual.pp.ru>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org

The following reply was made to PR bin/32791; it has been noted by GNATS.

From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: Ruslan Ermilov <ru@FreeBSD.ORG>
Cc: "Tim J. Robbins" <tim@robbins.dropbear.id.au>,
	security@FreeBSD.ORG, bug-followup@FreeBSD.ORG
Subject: Re: bin/32791: FreeBSD's man(1) utility vulnerable to old catman attacks
Date: Thu, 13 Dec 2001 19:07:13 +0300

 On Thu, Dec 13, 2001 at 15:38:04 +0200, Ruslan Ermilov wrote:
 
 > The below patch doesn't allow man(1) to use its SUID powers
 > when the catpage's directory is accessed via symlink.
 
 It breaks private cat pages (symlink check must not present for them)
 
 -- 
 Andrey A. Chernov
 http://ache.pp.ru/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message