From owner-freebsd-bugs  Mon Jan 28 13:15:51 2002
Delivered-To: freebsd-bugs@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7858137B400; Mon, 28 Jan 2002 13:15:49 -0800 (PST)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.11.4/8.11.4) id g0SLFmo40513;
	Mon, 28 Jan 2002 16:15:48 -0500 (EST)
	(envelope-from wollman)
Date: Mon, 28 Jan 2002 16:15:48 -0500 (EST)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <200201282115.g0SLFmo40513@khavrinen.lcs.mit.edu>
To: Giorgos Keramidas <keramida@FreeBSD.ORG>
Cc: freebsd-bugs@FreeBSD.ORG
Subject: Re: misc/34270: man -k could be used to execute any command.
In-Reply-To: <200201261740.g0QHe6i07522@freefall.freebsd.org>
References: <200201261740.g0QHe6i07522@freefall.freebsd.org>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org

<<On Sat, 26 Jan 2002 09:40:06 -0800 (PST), Giorgos Keramidas <keramida@FreeBSD.ORG> said:

>  Here's a partial fix for the "apropos" and "whatis" options of man(1).
>  This leaves still 4 places where man/man.c uses do_system_command(),
>  since I need to understand the code before I make any changes.  The
>  code of man.c is still vulnerable to environment variable tricks, but
>  at least it works with -f and -k options without problems:
 
I would suggest that the apropos and whatis commands be run by their
full path names, avoiding the exec?p functions.  If they are running
with privilege, the environment should be cleaned out as well.

-GAWollman


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message