Date: Wed, 16 Jan 2002 17:43:52 +0200
From: Ruslan Ermilov
To: Joerg Wunsch, Robert Watson, Greg Lehey, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/gnu/usr.bin/man/man Makefile man.c src/etc/mtree BSD.local.dist BSD.usr.dist BSD.x11-4.dist BSD.x11.dist

On Wed, Jan 16, 2002 at 03:42:10PM +0100, Joerg Wunsch wrote:
> As Robert Watson wrote:
>
> > There's a
> > lot of risk involved here, not all that dissimilar to the risk involved in
> > setuid suidperl.  We turn that off by default, and users can always turn
> > it on if they need it.
>
> I'd wish we could also (optionally) turn suidness on again for man(1), in
> the same way it can be done for suidperl (i.e. via /etc/make.conf).  For
> my usual home machine, security implications of someone clobbering my
> catpages aren't of concern to me, but I somewhat like the idea of a
> `catpage cache' (as opposed to always catmanning the entire tree).
>
All you need to do is to change the ownership on catpages holding
directories back to ``man'', and install man(1) setuid ``man''.
But because it was proven to be insecure in many ways (the most
important leak is a customized environment), I don't like the
idea of even putting the required knobs back to src/.  You can
simply make man(1) setuid root on your home machine, without
even twiddling with the ownership.  :-)

> > We have a catman distribution already, I believe, which can be enabled in
> > sysinstall.  Maybe it's time to make it part of the default install, if it
> > isn't already.
>
> I wouldn't do this.  For CPUs with clocks in the Gigahertz
> range, it's not that hard to trade speed (reformat the page
> each time) against the space required by the catpages.
> Solaris doesn't store catpages, for example.
>
> I once created the catman distribution mainly with the idea
> in mind to save CPU time on slow machines.  Owners of slow
> machines are then still free to install this distribution.
> The sad thing: it now might cause catfiles to become stale,
> if the luser installed more recent man pages.  I hope man(1)
> is smart enough to handle that situation, and would reformat
> the more recent man source instead of displaying the stale
> catpage then.  (Owners of slow machines probably won't like
> the idea much to re-catman the entire tree regularly.)
>
Yes, man(1) handles this.  Also, catman(1) doesn't re-catman
the entire tree by default:

:      -f, -force
:              Force overwriting old cat pages.  Normally only those pages will
:              be formatted which are not up to date.  This option is a waste of
:              time, CPU and RAM.


Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age
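
As an added illustration (not part of the original message and not FreeBSD's own code), the script below audits the two things this thread touches on: whether a man binary carries set-id bits, and which catpages are older than their man source. The function names and the manN/catN directory layout it walks are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit a man(1) installation.
# Assumes the traditional layout: <mandir>/manN/ sources, <mandir>/catN/
# formatted pages, either of which may be gzip-compressed.
# Function names are hypothetical.

# Print "setuid", "setgid", "setuid setgid" or "none" for a file.
setid_bits() {
    bits=""
    [ -u "$1" ] && bits="setuid"
    [ -g "$1" ] && bits="${bits:+$bits }setgid"
    echo "${bits:-none}"
}

# List catpages under mandir $1 whose man source is newer (stale catpages).
stale_catpages() {
    mandir=$1
    for catdir in "$mandir"/cat*; do
        [ -d "$catdir" ] || continue
        sect=${catdir##*/cat}              # "cat1" -> section "1"
        for page in "$catdir"/*; do
            [ -f "$page" ] || continue
            base=${page##*/}
            base=${base%.gz}
            for src in "$mandir/man$sect/$base" "$mandir/man$sect/$base.gz"; do
                [ -f "$src" ] || continue
                # find -newer prints the source only if it was modified
                # after the catpage, i.e. the catpage is out of date.
                if [ -n "$(find "$src" -newer "$page")" ]; then
                    echo "$page"
                fi
            done
        done
    done
}

# Usage: sh audit-man.sh /usr/bin/man /usr/share/man
if [ $# -eq 2 ]; then
    echo "$1: $(setid_bits "$1")"
    stale_catpages "$2"
fi
```
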