Date: Wed, 16 Jan 2002 20:01:28 +0200 From: Ruslan Ermilov <ru@FreeBSD.org> To: Joerg Wunsch <j@uriah.heep.sax.de>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, arch@FreeBSD.org Subject: Re: cvs commit: src/gnu/usr.bin/man/man Makefile man.c src/etc/mtree BSD.local.dist BSD.usr.dist BSD.x11-4.dist BSD.x11.dist Message-ID: <20020116200128.L13904@sunbay.com> In-Reply-To: <20020116195429.J13904@sunbay.com> References: <20020116132917.K78030@wantadilla.lemis.com> <Pine.NEB.3.96L.1020115224951.59548D-100000@fledge.watson.org> <20020116154210.A74132@uriah.heep.sax.de> <20020116174352.C13904@sunbay.com> <20020116171144.C18043@uriah.heep.sax.de> <20020116183712.G13904@sunbay.com> <20020116181625.B757@uriah.heep.sax.de> <20020116195429.J13904@sunbay.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jan 16, 2002 at 07:54:29PM +0200, Ruslan Ermilov wrote: > On Wed, Jan 16, 2002 at 06:16:25PM +0100, Joerg Wunsch wrote: > > As Ruslan Ermilov wrote: > > > > > > ...until the next "make installworld". That's why i'm asking for > > > > a knob in /etc/make.conf. setuidperl can get its suid bit `sticky' > > > > by the same way. > > > > > > > Hmm, can't you live with a custom gnu/usr.bin/man/man/Makefile? :-) > > > > Not really. (OK, i see the smiley. ;-) > > > > > Not user "man", but the contents of the system manpages. Try this: > > > > > > ln -s /usr/bin/true /tmp/troff > > > rm /usr/share/man/cat1/cat.1* > > > /usr/bin/env GROFF_BIN_PATH=/tmp man 1 cat > > > > OK, someone can cause garbage to go into my cat page. He could > > pretend that the options "-r" and "-f" to rm(1) would be something > > harmless :). > > > > Well, i'd like to see two things: > > > > . Variables like FOO_BIN_PATH need to be ignored when running > > with raised prvileges, no question asked. We used to ignore > > LD_LIBRARY_PATH for the same reason. I hope this is something > > that is fixable. > > > Hmm. In this case, the actual problem is with groff(1). man(1) > executes groff(1) in secure (-S) mode (actually it is now the > default mode), and the latter should not respect these environment > variables while running in this mode. I will see tomorrow if this > is easily fixable -- it should be. OK, one big problem shot. > > > . Then turn off the setuid bit, but offer the option to re-enable > > it for those who value the feature more than the risk, much in > > the same sense as we do for suidperl (which i still think is a > > lot less risky than someone (like me :) writing a buggy setuid > > wrapper in C). > > > There's still problem exists with following symbolic links (please > see the PR for an example exploit). I tried a quick patch that > should solve this, but Robert Watson pointed out that it is subject > to a race between lstat(2)'ting a directory holding a catpage and > creating a file in that directory. Unfortunately, O_NOFOLLOW only > works for the last component of the pathname passed to open(2). > If we could find a solution to this problem, I would be more than > happy to restore this functionality of man(1). > No, not actually happy unless you tell me how to solve the GZIP environment variable problem mentioned here: http://security-archive.merton.ox.ac.uk/security-audit-200010/0022.html Cheers, -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020116200128.L13904>