Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 15 Jan 2002 23:29:26 -0800
From:      Murray Stokely <murray@FreeBSD.org>
To:        Steven Huwig <sjh13@po.cwru.edu>
Cc:        stable@FreeBSD.ORG
Subject:   Re: Changes to man page in 4.5-R?
Message-ID:  <20020116072926.GV6073@windriver.com>
In-Reply-To: <3C450FC9.2050601@po.cwru.edu>
References:  <bulk.63959.20020115111848@hub.freebsd.org> <3C450FC9.2050601@po.cwru.edu>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jan 16, 2002 at 12:29:45AM -0500, Steven Huwig wrote:
> I was reading the QA guidelines at 
> http://www.freebsd.org/releases/4.5R/qa.html, and I was wondering what 
> the following statement (second bullet from bottom) means:
> 
> * Once the man page change goes in (which I think it should) we'll want 
> some basic testing of the man command.
> 
> What is the "man page change?" And is it in?

  This change was just committed to -CURRENT within the last 24 hours.
I posted a message to -qa about this earlier today.  It will most
likely be approved for MFC shortly.  Ruslan's commit message does a
good job of describing the change :

	- Murray

ru          2002/01/15 06:11:05 PST

  Modified files:
    gnu/usr.bin/man/man  Makefile man.c
    etc/mtree            BSD.local.dist BSD.usr.dist
                         BSD.x11-4.dist BSD.x11.dist
  Log:
  Do not install man(1) setuid ``man''.

  The catpaging and setuidness features of man(1) combined make
  it vulnerable to a number of security attacks.  Specifically,
  it was possible to overwrite system catpages with arbitrarily
  contents by either setting up a symlink to a directory holding
  system catpages, or by writing custom -mdoc or -man groff(1)
  macro packages and setting up GROFF_TMAC_PATH in environment
  to point to them.  (See PR below for details).

  This means man(1) can no longer create system catpages on a
  regular user's behalf.  (It is still able to if the user has
  write permissions to the directory holding catpages, e.g.,
  user's own manpages, or if the running user is ``root''.)

  To create and install catpages during ``make world'', please
  set MANBUILDCAT=YES in /etc/make.conf.  To rebuild catpages
  on a weekly basis, please set weekly_catman_enable="YES" in
  /etc/periodic.conf.

  PR:             bin/32791

  Revision  Changes    Path
  1.85      +3 -7      src/etc/mtree/BSD.local.dist
  1.251     +4 -6      src/etc/mtree/BSD.usr.dist
  1.19      +2 -4      src/etc/mtree/BSD.x11-4.dist
  1.16      +2 -4      src/etc/mtree/BSD.x11.dist
  1.33      +1 -4      src/gnu/usr.bin/man/man/Makefile
  1.51      +2 -62     src/gnu/usr.bin/man/man/man.c

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020116072926.GV6073>