From owner-freebsd-stable Tue Jan 15 23:29:31 2002
Date: Tue, 15 Jan 2002 23:29:26 -0800
From: Murray Stokely
To: Steven Huwig
Cc: stable@FreeBSD.ORG
Subject: Re: Changes to man page in 4.5-R?
Message-ID: <20020116072926.GV6073@windriver.com>
References: <3C450FC9.2050601@po.cwru.edu>
In-Reply-To: <3C450FC9.2050601@po.cwru.edu>

On Wed, Jan 16, 2002 at 12:29:45AM -0500, Steven Huwig wrote:
> I was reading the QA guidelines at
> http://www.freebsd.org/releases/4.5R/qa.html, and I was wondering what
> the following statement (second bullet from bottom) means:
>
> * Once the man page change goes in (which I think it should) we'll want
> some basic testing of the man command.
>
> What is the "man page change?" And is it in?

This change was just committed to -CURRENT within the last 24 hours. I
posted a message to -qa about this earlier today. It will most likely
be approved for MFC shortly.

Ruslan's commit message does a good job of describing the change:

	- Murray

ru          2002/01/15 06:11:05 PST

  Modified files:
    gnu/usr.bin/man/man  Makefile man.c
    etc/mtree            BSD.local.dist BSD.usr.dist BSD.x11-4.dist
                         BSD.x11.dist
  Log:
  Do not install man(1) setuid ``man''.

  The catpaging and setuidness features of man(1) combined make it
  vulnerable to a number of security attacks. Specifically, it was
  possible to overwrite system catpages with arbitrary contents by
  either setting up a symlink to a directory holding system catpages,
  or by writing custom -mdoc or -man groff(1) macro packages and
  setting up GROFF_TMAC_PATH in environment to point to them. (See PR
  below for details).

  This means man(1) can no longer create system catpages on a regular
  user's behalf. (It is still able to if the user has write permissions
  to the directory holding catpages, e.g., user's own manpages, or if
  the running user is ``root''.)

  To create and install catpages during ``make world'', please set
  MANBUILDCAT=YES in /etc/make.conf. To rebuild catpages on a weekly
  basis, please set weekly_catman_enable="YES" in /etc/periodic.conf.

  PR:		bin/32791

  Revision  Changes    Path
  1.85      +3 -7      src/etc/mtree/BSD.local.dist
  1.251     +4 -6      src/etc/mtree/BSD.usr.dist
  1.19      +2 -4      src/etc/mtree/BSD.x11-4.dist
  1.16      +2 -4      src/etc/mtree/BSD.x11.dist
  1.33      +1 -4      src/gnu/usr.bin/man/man/Makefile
  1.51      +2 -62     src/gnu/usr.bin/man/man/man.c
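
An added example, not part of the original message or of the FreeBSD sources: a post-upgrade check that the installed man(1) binary no longer carries a set-id bit and that reports the two catpage knobs named in the commit message. The function names are hypothetical and the default path /usr/bin/man is an assumption.

```shell
#!/bin/sh
# Added example: post-upgrade audit for the man(1) change in the commit message.
# Function names are hypothetical; /usr/bin/man as default path is an assumption.

# Print "setuid", "setgid", "clean" or "missing" for the given binary.
man_setid_state() {
    [ -e "$1" ] || { echo missing; return 0; }
    if [ -u "$1" ]; then echo setuid
    elif [ -g "$1" ]; then echo setgid
    else echo clean
    fi
}

# Succeed when the last uncommented NAME= assignment in FILE is YES
# (quoted or not), the value the commit message says to set.
knob_enabled() {
    [ -r "$1" ] || return 1
    val=$(sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([A-Za-z]*\).*/\1/p" "$1" | tail -n 1)
    case "$val" in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac
}

# Report the binary's mode bits and both catpage knobs; succeed only when
# the binary exists and carries neither set-id bit.
audit_man() {
    bin=${1:-/usr/bin/man}
    makeconf=${2:-/etc/make.conf}
    periodic=${3:-/etc/periodic.conf}
    state=$(man_setid_state "$bin")
    echo "$bin: $state"
    if knob_enabled "$makeconf" MANBUILDCAT; then
        echo "$makeconf: MANBUILDCAT=YES found"
    else
        echo "$makeconf: MANBUILDCAT=YES not found"
    fi
    if knob_enabled "$periodic" weekly_catman_enable; then
        echo "$periodic: weekly_catman_enable=YES found"
    else
        echo "$periodic: weekly_catman_enable=YES not found"
    fi
    [ "$state" = clean ]
}

# Run as: sh audit_man.sh --audit [man-binary [make.conf [periodic.conf]]]
if [ "${1:-}" = "--audit" ]; then
    shift
    audit_man "$@"
fi
```
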