Date: Tue, 15 Jan 2002 15:40:38 -0800 From: Murray Stokely <murray@FreeBSD.org> To: freebsd-qa@FreeBSD.org Subject: Changes to man(1) Message-ID: <20020115234038.GR6073@windriver.com>
next in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
The release engineers would really like to see Ruslan's latest
changes to man(1) in FreeBSD 4.5. This change closes a number of
potential security holes that could allow privilege escalation.
Please help us look over the recent commit to -CURRENT before we allow
this to be MFCed. Here are the relevant commits from Ruslan :
Thanks,
- Murray
---
From: Ruslan Ermilov <ru@FreeBSD.org>
Subject: cvs commit: src/gnu/usr.bin/man/man Makefile man.c man.man
src/gnu/usr.bin/man/manpath Makefile
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Date: Fri, 11 Jan 2002 07:12:00 -0800 (PST)
ru 2002/01/11 07:12:00 PST
Modified files:
gnu/usr.bin/man/man Makefile man.c man.man
gnu/usr.bin/man/manpath Makefile
Log:
Now that we have the original BSD man(1)'s ${MACHINE} feature
back (as of man.c,v 1.45), change the meaning of the -m option
from poorly documented and badly coded "alternate system" to a
much more useful "different architecture for the same system".
PR: docs/31261
Revision Changes Path
1.32 +2 -2 src/gnu/usr.bin/man/man/Makefile
1.50 +20 -103 src/gnu/usr.bin/man/man/man.c
1.20 +20 -15 src/gnu/usr.bin/man/man/man.man
1.26 +2 -2 src/gnu/usr.bin/man/manpath/Makefile
From: Ruslan Ermilov <ru@FreeBSD.org>
Subject: cvs commit: src/gnu/usr.bin/man/man Makefile man.c src/etc/mtree
BSD.local.dist BSD.usr.dist BSD.x11-4.dist BSD.x11.dist
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Date: Tue, 15 Jan 2002 06:11:05 -0800 (PST)
ru 2002/01/15 06:11:05 PST
Modified files:
gnu/usr.bin/man/man Makefile man.c
etc/mtree BSD.local.dist BSD.usr.dist
BSD.x11-4.dist BSD.x11.dist
Log:
Do not install man(1) setuid ``man''.
The catpaging and setuidness features of man(1) combined make
it vulnerable to a number of security attacks. Specifically,
it was possible to overwrite system catpages with arbitrarily
contents by either setting up a symlink to a directory holding
system catpages, or by writing custom -mdoc or -man groff(1)
macro packages and setting up GROFF_TMAC_PATH in environment
to point to them. (See PR below for details).
This means man(1) can no longer create system catpages on a
regular user's behalf. (It is still able to if the user has
write permissions to the directory holding catpages, e.g.,
user's own manpages, or if the running user is ``root''.)
To create and install catpages during ``make world'', please
set MANBUILDCAT=YES in /etc/make.conf. To rebuild catpages
on a weekly basis, please set weekly_catman_enable="YES" in
/etc/periodic.conf.
PR: bin/32791
Revision Changes Path
1.85 +3 -7 src/etc/mtree/BSD.local.dist
1.251 +4 -6 src/etc/mtree/BSD.usr.dist
1.19 +2 -4 src/etc/mtree/BSD.x11-4.dist
1.16 +2 -4 src/etc/mtree/BSD.x11.dist
1.33 +1 -4 src/gnu/usr.bin/man/man/Makefile
1.51 +2 -62 src/gnu/usr.bin/man/man/man.c
Index: gnu/usr.bin/man/man/Makefile
===================================================================
RCS file: /home/ncvs/src/gnu/usr.bin/man/man/Makefile,v
retrieving revision 1.27.2.2
diff -u -p -r1.27.2.2 Makefile
--- gnu/usr.bin/man/man/Makefile 2001/04/25 12:03:53 1.27.2.2
+++ gnu/usr.bin/man/man/Makefile 2002/01/15 14:45:42
@@ -5,9 +5,6 @@ MAN_LIBZ=YES
PROG= man
SRCS= man.c manpath.c glob.c
-BINOWN= man
-BINMODE=4555
-INSTALLFLAGS+= -fschg
CFLAGS+= -I${LIBDESTDIR}
DPADD= ${LIBMAN}
@@ -20,7 +17,7 @@ CFLAGS+=-DHAVE_LIBZ=1
.endif
CFLAGS+= -I${.CURDIR}/../lib -DSTDC_HEADERS -DPOSIX -DHAS_TROFF
-CFLAGS+= -DDO_COMPRESS -DALT_SYSTEMS -DSETREUID -DCATMODE=0644
+CFLAGS+= -DDO_COMPRESS -DCATMODE=0644
CLEANFILES+= man.1
.PATH: ${.CURDIR}/../manpath
Index: gnu/usr.bin/man/man/man.c
===================================================================
RCS file: /home/ncvs/src/gnu/usr.bin/man/man/man.c,v
retrieving revision 1.37.2.3
diff -u -p -r1.37.2.3 man.c
--- gnu/usr.bin/man/man/man.c 2002/01/05 16:17:30 1.37.2.3
+++ gnu/usr.bin/man/man/man.c 2002/01/15 14:45:54
@@ -86,11 +86,6 @@ static int whatis;
static int findall;
static int print_where;
-#ifdef ALT_SYSTEMS
-static int alt_system;
-static char *alt_system_name;
-#endif
-
#ifdef __FreeBSD__
/* short_locale without country suffix */
static char *locale, *short_locale, *locale_opts, *locale_nroff;
@@ -114,7 +109,6 @@ static int troff = 0;
int debug;
#ifdef HAS_TROFF
-#ifdef ALT_SYSTEMS
#ifdef __FreeBSD__
static char args[] = "M:P:S:adfhkm:op:tw?";
#else
@@ -122,32 +116,10 @@ static char args[] = "M:P:S:adfhkm:p:tw?
#endif
#else
#ifdef __FreeBSD__
-static char args[] = "M:P:S:adfhkop:tw?";
-#else
-static char args[] = "M:P:S:adfhkp:tw?";
-#endif
-#endif
-#else
-#ifdef ALT_SYSTEMS
-#ifdef __FreeBSD__
static char args[] = "M:P:S:adfhkm:op:w?";
#else
static char args[] = "M:P:S:adfhkm:p:w?";
#endif
-#else
-#ifdef __FreeBSD__
-static char args[] = "M:P:S:adfhkop:w?";
-#else
-static char args[] = "M:P:S:adfhkp:w?";
-#endif
-#endif
-#endif
-
-#ifdef SETREUID
-uid_t ruid;
-uid_t euid;
-gid_t rgid;
-gid_t egid;
#endif
int
@@ -187,15 +159,6 @@ main (argc, argv)
gripe_no_name (tmp);
}
-#ifdef SETREUID
- ruid = getuid();
- rgid = getgid();
- euid = geteuid();
- egid = getegid();
- setreuid(-1, ruid);
- setregid(-1, rgid);
-#endif
-
while (optind < argc)
{
nextarg = argv[optind++];
@@ -242,50 +205,26 @@ usage ()
static char usage_string[1024] = "%s, version %s\n\n";
#ifdef HAS_TROFF
-#ifdef ALT_SYSTEMS
#ifdef __FreeBSD__
static char s1[] =
- "usage: %s [-adfhkotw] [section] [-M path] [-P pager] [-S list]\n\
- [-m system] [-p string] name ...\n\n";
+ "usage: %s [-adfhkmotw] [section] [-M path] [-P pager] [-S list]\n\
+ [-m machine] [-p string] name ...\n\n";
#else
static char s1[] =
- "usage: %s [-adfhktw] [section] [-M path] [-P pager] [-S list]\n\
- [-m system] [-p string] name ...\n\n";
+ "usage: %s [-adfhkmtw] [section] [-M path] [-P pager] [-S list]\n\
+ [-m machine] [-p string] name ...\n\n";
#endif
#else
#ifdef __FreeBSD__
static char s1[] =
- "usage: %s [-adfhkotw] [section] [-M path] [-P pager] [-S list]\n\
- [-p string] name ...\n\n";
+ "usage: %s [-adfhkmow] [section] [-M path] [-P pager] [-S list]\n\
+ [-m machine] [-p string] name ...\n\n";
#else
static char s1[] =
- "usage: %s [-adfhktw] [section] [-M path] [-P pager] [-S list]\n\
- [-p string] name ...\n\n";
+ "usage: %s [-adfhkmw] [section] [-M path] [-P pager] [-S list]\n\
+ [-m machine] [-p string] name ...\n\n";
#endif
#endif
-#else
-#ifdef ALT_SYSTEMS
-#ifdef __FreeBSD__
- static char s1[] =
- "usage: %s [-adfhkow] [section] [-M path] [-P pager] [-S list]\n\
- [-m system] [-p string] name ...\n\n";
-#else
- static char s1[] =
- "usage: %s [-adfhkw] [section] [-M path] [-P pager] [-S list]\n\
- [-m system] [-p string] name ...\n\n";
-#endif
-#else
-#ifdef __FreeBSD__
- static char s1[] =
- "usage: %s [-adfhkow] [section] [-M path] [-P pager] [-S list]\n\
- [-p string] name ...\n\n";
-#else
- static char s1[] =
- "usage: %s [-adfhkw] [section] [-M path] [-P pager] [-S list]\n\
- [-p string] name ...\n\n";
-#endif
-#endif
-#endif
static char s2[] = " a : find all matching entries\n\
d : print gobs of debugging information\n\
@@ -294,21 +233,18 @@ static char s2[] = " a : find all match
k : same as apropos(1)\n";
#ifdef __FreeBSD__
- static char s21[] = " o : use original, non-localized manpages\n";
+ static char s3[] = " o : use original, non-localized manpages\n";
#endif
#ifdef HAS_TROFF
- static char s3[] = " t : use troff to format pages for printing\n";
+ static char s4[] = " t : use troff to format pages for printing\n";
#endif
-
- static char s4[] = " w : print location of man page(s) that would be displayed\n\n\
- M path : set search path for manual pages to `path'\n\
- P pager : use program `pager' to display pages\n\
- S list : colon separated section list\n";
-#ifdef ALT_SYSTEMS
- static char s5[] = " m system : search for alternate system's man pages\n";
-#endif
+ static char s5[] = " w : print location of man page(s) that would be displayed\n\n\
+ M path : set search path for manual pages to `path'\n\
+ P pager : use program `pager' to display pages\n\
+ S list : colon separated section list\n\
+ m machine : search for alternate architecture man pages\n";
static char s6[] = " p string : string tells which preprocessors to run\n\
e - [n]eqn(1) p - pic(1) t - tbl(1)\n\
@@ -317,18 +253,14 @@ static char s2[] = " a : find all match
strcat (usage_string, s1);
strcat (usage_string, s2);
#ifdef __FreeBSD__
- strcat (usage_string, s21);
-#endif
-
-#ifdef HAS_TROFF
strcat (usage_string, s3);
#endif
+#ifdef HAS_TROFF
strcat (usage_string, s4);
+#endif
-#ifdef ALT_SYSTEMS
strcat (usage_string, s5);
-#endif
strcat (usage_string, s6);
@@ -417,12 +349,9 @@ man_getopt (argc, argv)
gripe_incompatible ("-k and -w");
apropos++;
break;
-#ifdef ALT_SYSTEMS
case 'm':
- alt_system++;
- alt_system_name = strdup (optarg);
+ machine = optarg;
break;
-#endif
case 'o':
use_original++;
break;
@@ -504,7 +433,7 @@ man_getopt (argc, argv)
if (debug)
fprintf (stderr, "\nusing %s as pager\n", pager);
- if ((machine = getenv ("MACHINE")) == NULL)
+ if (machine == NULL && (machine = getenv ("MACHINE")) == NULL)
machine = MACHINE;
if (debug)
@@ -521,15 +450,6 @@ man_getopt (argc, argv)
manp);
}
-#ifdef ALT_SYSTEMS
- if (alt_system_name == NULL || *alt_system_name == '\0')
- if ((alt_system_name = getenv ("SYSTEM")) != NULL)
- alt_system_name = strdup (alt_system_name);
-
- if (alt_system_name != NULL && *alt_system_name != '\0')
- downcase (alt_system_name);
-#endif
-
/*
* Expand the manpath into a list for easier handling.
*/
@@ -543,26 +463,7 @@ man_getopt (argc, argv)
if ((end = strchr (p, ':')) != NULL)
*end = '\0';
-#ifdef ALT_SYSTEMS
- if (alt_system)
- {
- char buf[FILENAME_MAX];
-
- if (debug)
- fprintf (stderr, "Alternate system `%s' specified\n",
- alt_system_name);
-
- snprintf(buf, sizeof(buf), "%s/%s", p, alt_system_name);
-
- mp = add_dir_to_mpath_list (mp, buf);
- }
- else
- {
- mp = add_dir_to_mpath_list (mp, p);
- }
-#else
mp = add_dir_to_mpath_list (mp, p);
-#endif
if (end == NULL)
break;
@@ -1187,7 +1088,7 @@ restore_sigs()
* 1 for success and 0 for failure.
*/
int
-make_cat_file (path, man_file, cat_file, manid)
+make_cat_file (path, man_file, cat_file)
register char *path;
register char *man_file;
register char *cat_file;
@@ -1228,35 +1129,16 @@ make_cat_file (path, man_file, cat_file,
if (debug)
fprintf (stderr, "\ntrying command: %s\n", command);
else {
-
-#ifdef SETREUID
- if (manid) {
- setreuid(-1, ruid);
- setregid(-1, rgid);
- }
-#endif
if ((pp = popen(command, "r")) == NULL) {
s = errno;
fprintf(stderr, "Failed.\n");
errno = s;
perror("popen");
-#ifdef SETREUID
- if (manid) {
- setreuid(-1, euid);
- setregid(-1, egid);
- }
-#endif
unlink(temp);
restore_sigs();
fclose(fp);
return 0;
}
-#ifdef SETREUID
- if (manid) {
- setreuid(-1, euid);
- setregid(-1, egid);
- }
-#endif
f = 0;
while ((s = getc(pp)) != EOF) {
@@ -1392,47 +1274,7 @@ format_and_display (path, man_file, cat_
}
else
{
-
-#ifdef SETREUID
- setreuid(-1, euid);
- setregid(-1, egid);
- found = make_cat_file (path, man_file, cat_file, 1);
-#else
- found = make_cat_file (path, man_file, cat_file, 0);
-#endif
-#ifdef SETREUID
- setreuid(-1, ruid);
- setregid(-1, rgid);
-
- if (!found)
- {
- /* Try again as real user - see note below.
- By running with
- effective group (user) ID == real group (user) ID
- except for the call above, I believe the problems
- of reading private man pages is avoided. */
- found = make_cat_file (path, man_file, cat_file, 0);
- }
-#endif
-#ifdef SECURE_MAN_UID
- if (!found)
- {
- /*
- * Try again as real user. Note that for private
- * man pages, we won't even get this far unless the
- * effective user can read the real user's man page
- * source. Also, if we are trying to find all the
- * man pages, this will probably make it impossible
- * to make cat files in the system directories if
- * the real user's man directories are searched
- * first, because there's no way to undo this (is
- * there?). Yikes, am I missing something obvious?
- */
- setuid (getuid ());
-
- found = make_cat_file (path, man_file, cat_file, 0);
- }
-#endif
+ found = make_cat_file (path, man_file, cat_file);
if (found)
{
/*
Index: gnu/usr.bin/man/man/man.man
===================================================================
RCS file: /home/ncvs/src/gnu/usr.bin/man/man/man.man,v
retrieving revision 1.10.2.6
diff -u -p -r1.10.2.6 man.man
--- gnu/usr.bin/man/man/man.man 2002/01/05 16:19:02 1.10.2.6
+++ gnu/usr.bin/man/man/man.man 2002/01/15 14:45:56
@@ -23,7 +23,7 @@
.Sh SYNOPSIS
.Nm
.Op Fl adfhkotw
-.Op Fl m Ar system
+.Op Fl m Ar machine
.Op Fl p Ar string
.Op Fl M Ar path
.Op Fl P Ar pager
@@ -67,7 +67,7 @@ Specify which pager to use.
By default,
.Nm
uses
-.Nm %pager% ,
+.Nm %pager% .
This option overrides the
.Ev PAGER
environment variable.
@@ -97,9 +97,20 @@ Print a one line help message and exit.
.It Fl k
Equivalent to
.Nm apropos .
-.It Fl m Ar system
-Specify an alternate set of man pages to search based on the system
-name given.
+.It Fl m Ar machine
+As some manual pages are intended only for specific architectures,
+.Nm
+searches any subdirectories,
+with the same name as the current architecture,
+in every directory which it searches.
+Machine specific areas are checked before general areas.
+The current machine type may be overridden using this option
+or by setting the environment variable
+.Ev MACHINE
+to the name of a specific architecture.
+This option overrides the
+.Ev MACHINE
+environment variable.
.It Fl o
Look for original, non-localized manpages only.
.Pp
@@ -185,16 +196,10 @@ These variables specify the preferred la
.Fl o
option above.)
.It Ev MACHINE
-As some manual pages are intended only for specific architectures,
-.Nm
-searches any subdirectories,
-with the same name as the current architecture,
-in every directory which it searches.
-Machine specific areas are checked before general areas.
-The current machine type may be overridden by setting the environment
-variable
+If
.Ev MACHINE
-to the name of a specific architecture.
+is set, its value is used to override the current machine type
+when searching machine specific subdirectories.
.It Ev MANPATH
If
.Ev MANPATH
Index: gnu/usr.bin/man/manpath/Makefile
===================================================================
RCS file: /home/ncvs/src/gnu/usr.bin/man/manpath/Makefile,v
retrieving revision 1.22.2.2
diff -u -p -r1.22.2.2 Makefile
--- gnu/usr.bin/man/manpath/Makefile 2001/04/25 12:03:53 1.22.2.2
+++ gnu/usr.bin/man/manpath/Makefile 2002/01/15 14:45:56
@@ -6,7 +6,7 @@ DPADD= ${LIBMAN}
LDADD= ${LIBMAN}
CFLAGS+= -DMAIN -DSTDC_HEADERS -DPOSIX -DHAS_TROFF -DDO_UNCOMPRESS
-CFLAGS+= -DALT_SYSTEMS -I${.CURDIR}/../lib -I${.OBJDIR}/../lib
+CFLAGS+= -I${.CURDIR}/../lib -I${.OBJDIR}/../lib
CLEANFILES+= manpath.1
manpath.1: ${.CURDIR}/manpath.man
Index: etc/mtree/BSD.local.dist
===================================================================
RCS file: /home/ncvs/src/etc/mtree/BSD.local.dist,v
retrieving revision 1.55.2.11
diff -u -p -r1.55.2.11 BSD.local.dist
--- etc/mtree/BSD.local.dist 2002/01/14 11:23:14 1.55.2.11
+++ etc/mtree/BSD.local.dist 2002/01/15 14:46:00
@@ -44,7 +44,6 @@
libexec
..
man
-/set uname=man
cat1
..
cat2
@@ -67,7 +66,7 @@
..
catn
..
- de.ISO8859-1 uname=root
+ de.ISO8859-1
cat1
..
cat2
@@ -90,7 +89,6 @@
..
catn
..
-/set uname=root
man1
..
man2
@@ -115,7 +113,6 @@
..
..
en.ISO8859-1
-/set uname=man
cat1
..
cat1aout
@@ -149,7 +146,7 @@
catn
..
..
- ja uname=root
+ ja
cat1
..
cat2
@@ -172,7 +169,6 @@
..
catn
..
-/set uname=root
man1
..
man2
Index: etc/mtree/BSD.usr.dist
===================================================================
RCS file: /home/ncvs/src/etc/mtree/BSD.usr.dist,v
retrieving revision 1.188.2.27
diff -u -p -r1.188.2.27 BSD.usr.dist
--- etc/mtree/BSD.usr.dist 2002/01/14 11:23:15 1.188.2.27
+++ etc/mtree/BSD.usr.dist 2002/01/15 14:46:04
@@ -587,7 +587,6 @@
..
..
man
-/set uname=man
cat1
..
cat1aout
@@ -620,7 +619,7 @@
..
catn
..
- en.ISO8859-1 uname=root
+ en.ISO8859-1
cat1
..
cat1aout
@@ -654,7 +653,7 @@
catn
..
..
- ja uname=root
+ ja
cat1
..
cat2
@@ -675,7 +674,6 @@
..
catn
..
-/set uname=root
man1
..
man2
@@ -890,7 +888,7 @@
..
perl
man
- cat3 uname=man
+ cat3
..
man3
..
Index: etc/mtree/BSD.x11-4.dist
===================================================================
RCS file: /home/ncvs/src/etc/mtree/BSD.x11-4.dist,v
retrieving revision 1.13.2.5
diff -u -p -r1.13.2.5 BSD.x11-4.dist
--- etc/mtree/BSD.x11-4.dist 2001/08/01 20:37:03 1.13.2.5
+++ etc/mtree/BSD.x11-4.dist 2002/01/15 14:46:07
@@ -312,7 +312,6 @@
libexec
..
man
-/set uname=man
cat1
..
cat2
@@ -335,7 +334,7 @@
..
catn
..
- ja uname=root
+ ja
cat1
..
cat2
@@ -358,7 +357,6 @@
..
catn
..
-/set uname=root
man1
..
man2
Index: etc/mtree/BSD.x11.dist
===================================================================
RCS file: /home/ncvs/src/etc/mtree/BSD.x11.dist,v
retrieving revision 1.9.2.5
diff -u -p -r1.9.2.5 BSD.x11.dist
--- etc/mtree/BSD.x11.dist 2001/08/01 20:37:03 1.9.2.5
+++ etc/mtree/BSD.x11.dist 2002/01/15 14:46:07
@@ -194,7 +194,6 @@
libexec
..
man
-/set uname=man
cat1
..
cat2
@@ -217,7 +216,7 @@
..
catn
..
- ja uname=root
+ ja
cat1
..
cat2
@@ -240,7 +239,6 @@
..
catn
..
-/set uname=root
man1
..
man2
----- End forwarded message -----
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SunOS)
Comment: For info see http://www.gnupg.org
iD8DBQE8RL31tNcQog5FH30RAgYnAJ4uCog0sddJOrsP+DUdsN+qCbwtxwCgkpoP
Iksu/N1yinO2GyiR4eLJwsg=
=kECR
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020115234038.GR6073>