Date: Wed, 16 Jan 2002 19:54:29 +0200
From: Ruslan Ermilov
To: Joerg Wunsch, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, arch@FreeBSD.org
Subject: Re: cvs commit: src/gnu/usr.bin/man/man Makefile man.c src/etc/mtree BSD.local.dist BSD.usr.dist BSD.x11-4.dist BSD.x11.dist
Message-ID: <20020116195429.J13904@sunbay.com>

On Wed, Jan 16, 2002 at 06:16:25PM +0100, Joerg Wunsch wrote:
> As Ruslan Ermilov wrote:
>
> > > ...until the next "make installworld". That's why i'm asking for
> > > a knob in /etc/make.conf. setuidperl can get its suid bit `sticky'
> > > by the same way.
> > >
> > Hmm, can't you live with a custom gnu/usr.bin/man/man/Makefile? :-)
>
> Not really. (OK, i see the smiley. ;-)
>
> > Not user "man", but the contents of the system manpages. Try this:
> >
> > ln -s /usr/bin/true /tmp/troff
> > rm /usr/share/man/cat1/cat.1*
> > /usr/bin/env GROFF_BIN_PATH=/tmp man 1 cat
>
> OK, someone can cause garbage to go into my cat page. He could
> pretend that the options "-r" and "-f" to rm(1) would be something
> harmless :).
>
> Well, i'd like to see two things:
>
> . Variables like FOO_BIN_PATH need to be ignored when running
>   with raised privileges, no question asked. We used to ignore
>   LD_LIBRARY_PATH for the same reason. I hope this is something
>   that is fixable.
>
Hmm. In this case, the actual problem is with groff(1). man(1)
executes groff(1) in secure (-S) mode (actually it is now the
default mode), and the latter should not respect these environment
variables while running in this mode. I will see tomorrow if this
is easily fixable -- it should be. OK, one big problem shot.

> . Then turn off the setuid bit, but offer the option to re-enable
>   it for those who value the feature more than the risk, much in
>   the same sense as we do for suidperl (which i still think is a
>   lot less risky than someone (like me :) writing a buggy setuid
>   wrapper in C).
>
There is still a problem with following symbolic links (please
see the PR for an example exploit). I tried a quick patch that should
solve this, but Robert Watson pointed out that it is subject to a race
between lstat(2)'ting a directory holding a catpage and creating a
file in that directory. Unfortunately, O_NOFOLLOW only works for the
last component of the pathname passed to open(2). If we could find
a solution to this problem, I would be more than happy to restore this
functionality of man(1).

Cheers,
Ruslan (who now thinks that the only reliable way to get useful
feedback is to commit something).
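
The two issues raised above (the lstat(2)-then-create race, and O_NOFOLLOW covering only the last path component) can both be avoided by walking the path one component at a time with openat(2), an interface standardized in POSIX.1-2008, after this message was written. The C code below is an added example, not part of the original message or of FreeBSD's man(1); open_nofollow_all() is a hypothetical helper name.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* openat(2), O_NOFOLLOW, O_DIRECTORY */
#endif
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * open_nofollow_all() is a hypothetical helper, not a libc function.
 * It walks an absolute path one component at a time, opening each one
 * with O_NOFOLLOW relative to the descriptor of its parent. The symlink
 * check is part of each open, and later lookups start from the directory
 * actually opened, so there is no separate lstat(2) step to race against.
 * Returns a descriptor, or -1 with errno set.
 */
int open_nofollow_all(const char *path, int flags, mode_t mode)
{
    char buf[PATH_MAX], *comp, *next, *save = NULL;
    int dirfd, fd, saved;
    if (path[0] != '/' || strlen(path) >= sizeof(buf)) {
        errno = EINVAL;
        return -1;
    }
    strcpy(buf, path);
    if ((dirfd = open("/", O_RDONLY | O_DIRECTORY)) < 0)
        return -1;
    for (comp = strtok_r(buf, "/", &save); comp != NULL; comp = next) {
        next = strtok_r(NULL, "/", &save);
        if (strcmp(comp, "..") == 0) {      /* never walk upward */
            fd = -1;
            errno = EINVAL;
        } else if (next != NULL) {          /* intermediate directory */
            fd = openat(dirfd, comp, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
        } else {                            /* last component: the file */
            fd = openat(dirfd, comp, flags | O_NOFOLLOW, mode);
        }
        saved = errno;                      /* keep openat's errno */
        close(dirfd);
        errno = saved;
        if (fd < 0 || next == NULL)
            return fd;
        dirfd = fd;
    }
    return dirfd;                           /* path was "/" itself */
}
```

A setuid caller would pass O_WRONLY | O_CREAT | O_EXCL for a new catpage, so an existing file or symlink at the final name is also refused.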