Date: Tue, 15 Jan 2002 23:29:26 -0800 From: Murray Stokely <murray@FreeBSD.org> To: Steven Huwig <sjh13@po.cwru.edu> Cc: stable@FreeBSD.ORG Subject: Re: Changes to man page in 4.5-R? Message-ID: <20020116072926.GV6073@windriver.com> In-Reply-To: <3C450FC9.2050601@po.cwru.edu> References: <bulk.63959.20020115111848@hub.freebsd.org> <3C450FC9.2050601@po.cwru.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jan 16, 2002 at 12:29:45AM -0500, Steven Huwig wrote: > I was reading the QA guidelines at > http://www.freebsd.org/releases/4.5R/qa.html, and I was wondering what > the following statement (second bullet from bottom) means: > > * Once the man page change goes in (which I think it should) we'll want > some basic testing of the man command. > > What is the "man page change?" And is it in? This change was just committed to -CURRENT within the last 24 hours. I posted a message to -qa about this earlier today. It will most likely be approved for MFC shortly. Ruslan's commit message does a good job of describing the change : - Murray ru 2002/01/15 06:11:05 PST Modified files: gnu/usr.bin/man/man Makefile man.c etc/mtree BSD.local.dist BSD.usr.dist BSD.x11-4.dist BSD.x11.dist Log: Do not install man(1) setuid ``man''. The catpaging and setuidness features of man(1) combined make it vulnerable to a number of security attacks. Specifically, it was possible to overwrite system catpages with arbitrarily contents by either setting up a symlink to a directory holding system catpages, or by writing custom -mdoc or -man groff(1) macro packages and setting up GROFF_TMAC_PATH in environment to point to them. (See PR below for details). This means man(1) can no longer create system catpages on a regular user's behalf. (It is still able to if the user has write permissions to the directory holding catpages, e.g., user's own manpages, or if the running user is ``root''.) To create and install catpages during ``make world'', please set MANBUILDCAT=YES in /etc/make.conf. To rebuild catpages on a weekly basis, please set weekly_catman_enable="YES" in /etc/periodic.conf. PR: bin/32791 Revision Changes Path 1.85 +3 -7 src/etc/mtree/BSD.local.dist 1.251 +4 -6 src/etc/mtree/BSD.usr.dist 1.19 +2 -4 src/etc/mtree/BSD.x11-4.dist 1.16 +2 -4 src/etc/mtree/BSD.x11.dist 1.33 +1 -4 src/gnu/usr.bin/man/man/Makefile 1.51 +2 -62 src/gnu/usr.bin/man/man/man.c To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020116072926.GV6073>