From owner-freebsd-arch Wed Jan 16 12:30:14 2002
Delivered-To: freebsd-arch@freebsd.org
Received: from sax.sax.de (sax.sax.de [193.175.26.33]) by hub.freebsd.org (Postfix) with ESMTP id F1DD837B402; Wed, 16 Jan 2002 12:30:06 -0800 (PST)
Received: (from uucp@localhost) by sax.sax.de (8.9.3/8.9.3) with UUCP id VAA08829; Wed, 16 Jan 2002 21:30:05 +0100 (CET)
Received: (from j@localhost) by uriah.heep.sax.de (8.11.6/8.11.6) id g0GKSRQ05435; Wed, 16 Jan 2002 21:28:27 +0100 (MET) (envelope-from j)
Date: Wed, 16 Jan 2002 21:28:27 +0100
From: Joerg Wunsch
To: Ruslan Ermilov
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, arch@FreeBSD.org
Subject: Re: cvs commit: src/gnu/usr.bin/man/man Makefile man.c src/etc/mtree BSD.local.dist BSD.usr.dist BSD.x11-4.dist BSD.x11.dist
Message-ID: <20020116212827.B3262@uriah.heep.sax.de>
Reply-To: Joerg Wunsch
Mail-Followup-To: Joerg Wunsch, Ruslan Ermilov, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, arch@FreeBSD.org
References: <20020116132917.K78030@wantadilla.lemis.com> <20020116154210.A74132@uriah.heep.sax.de> <20020116174352.C13904@sunbay.com> <20020116171144.C18043@uriah.heep.sax.de> <20020116183712.G13904@sunbay.com> <20020116181625.B757@uriah.heep.sax.de> <20020116195429.J13904@sunbay.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20020116195429.J13904@sunbay.com>; from ru@FreeBSD.org on Wed, Jan 16, 2002 at 07:54:29PM +0200
X-Phone: +49-351-2012 669
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

As Ruslan Ermilov wrote:

> There's still a problem with following symbolic links (please
> see the PR for an example exploit).

But that one either requires write permission to the directory holding the cat* directories, or it requires the user to run man -M or otherwise against a modified $MANPATH. Sure, it can clobber files that are writable by user man.

It's fine by me to have suidness turned off by default (and then probably also to ship a system that doesn't even have the cat directories -- what are they good for if we don't store something there? catman can handle creation of the directories by itself). I'll probably even leave it turned off on my workstation at work, but would simply like to have it as a knob on some machines.

-- 
cheers, J"org .-.-. --... ...-- -.. . DL8DTL
http://www.sax.de/~joerg/ NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
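
The symlink concern raised in this message, seen from the mitigation side, as an added example that is not code from the FreeBSD tree or from either poster: a privileged formatter can create a cat page without following a symbolic link at the cat directory or at the page name. `save_cat_page()` and `fail()` are hypothetical names, the mode check is an assumption of this sketch, and it assumes a POSIX.1-2008 system with `openat()`.

```c
/* Added example (not FreeBSD's man source): symlink-safe cat page creation. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Close fd (if open), set errno to err, and report failure. */
static int fail(int fd, int err)
{
    if (fd >= 0)
        close(fd);
    errno = err;
    return -1;
}

/* save_cat_page() is a hypothetical helper: it stores buf as catdir/name
 * and returns 0 on success, or -1 with errno set. */
int save_cat_page(const char *catdir, const char *name,
                  const char *buf, size_t len)
{
    struct stat sb;
    int dfd, fd;

    /* Accept a bare file name only, so name cannot leave catdir. */
    if (name[0] == '\0' || strchr(name, '/') != NULL)
        return fail(-1, EINVAL);
    /* Fails when catdir itself is a symlink, e.g. one planted by someone
     * with write permission to the directory holding the cat* dirs. */
    dfd = open(catdir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0)
        return -1;
    if (fstat(dfd, &sb) < 0)
        return fail(dfd, errno);
    /* Assumption: refuse a cat directory that group or other can write to. */
    if (sb.st_mode & (S_IWGRP | S_IWOTH))
        return fail(dfd, EPERM);
    /* O_EXCL never opens an existing entry and never follows a symlink
     * in the last component, so no other file can be clobbered. */
    fd = openat(dfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0)
        return fail(dfd, errno);
    close(dfd);
    if (write(fd, buf, len) != (ssize_t)len)
        return fail(fd, EIO);
    return close(fd);
}
```
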