From owner-freebsd-arch Tue Jan 22 16:27:39 2002
Delivered-To: freebsd-arch@freebsd.org
Received: from wantadilla.lemis.com (wantadilla.lemis.com [192.109.197.80])
	by hub.freebsd.org (Postfix) with ESMTP
	id 4C6F637B405; Tue, 22 Jan 2002 16:27:22 -0800 (PST)
Received: by wantadilla.lemis.com (Postfix, from userid 1004)
	id E994678306; Wed, 23 Jan 2002 10:57:19 +1030 (CST)
Date: Wed, 23 Jan 2002 10:57:19 +1030
From: Greg Lehey
To: Ruslan Ermilov
Cc: Robert Watson, Nate Williams, cvs-committers@FreeBSD.ORG,
	cvs-all@FreeBSD.ORG, arch@FreeBSD.ORG
Subject: Re: cvs commit: src/gnu/usr.bin/man/man Makefile man.c
	src/etc/mtree BSD.local.dist BSD.usr.dist BSD.x11-4.dist BSD.x11.dist
Message-ID: <20020123105719.J31684@wantadilla.lemis.com>
References: <15436.42142.53176.44467@caddis.yogotech.com>
	<20020122105839.C78733@sunbay.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020122105839.C78733@sunbay.com>
User-Agent: Mutt/1.3.23i
Organization: The FreeBSD Project
Phone: +61-8-8388-8286
Fax: +61-8-8388-8725
Mobile: +61-418-838-708
WWW-Home-Page: http://www.FreeBSD.org/
X-PGP-Fingerprint: 6B 7B C3 8C 61 CD 54 AF 13 24 52 F8 6D A4 95 EF
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tuesday, 22 January 2002 at 10:58:39 +0200, Ruslan Ermilov wrote:
> On Mon, Jan 21, 2002 at 06:54:02PM -0500, Robert Watson wrote:
>> For compatibility purposes, it might be reasonable to install man
>> non-setuid, but still have the cat pages and directories be installed as
>> the man user. Then twiddling man to setuid man from bin/bin would still
>> work for those wanting to enable it. However, for the default install, we
>> should either rely purely on nroff source, or also install the catman
>> distribution.
>>
> OK, here's what I will do:
>
> 1. Restore man.c's SETUID code but do not enable it.
>
> 2. Fix SETUID code so that:
>
>    a) system catpages are created in a pristine environment
>       (/usr/bin/env -i)
>
>    b) SETUID path is only attempted for system catpages
>
> 3. Provide make.conf knob (ENABLE_SUID_MAN) for installing
>    man(1) ``setuid man''.
>
> a) will fix the environment race, b) will fix the symlink race.
> I've already implemented a), and will post a patch here when
> b) is also implemented.

That looks like a good solution.

Greg
--
See complete headers for address and phone numbers
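
The two checks in the quoted plan, as an added C example that is not part of this thread and is not the code in man.c: a formatter child started with an empty environment (the effect of `/usr/bin/env -i`), and a gate that lets only system catpage paths reach the privileged path. The names `sys_roots`, `is_system_catpage` and `run_pristine`, and the list of root directories, are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed roots (hypothetical, not from man.c), writable only by the man user. */
static const char *const sys_roots[] = { "/usr/share/man/cat", "/usr/X11R6/man/cat", NULL };

/* 1 if path names a file below a system cat<section> directory, else 0. */
int is_system_catpage(const char *path)
{
    if (strstr(path, "/..") != NULL)            /* no climbing out of the root */
        return 0;
    for (size_t i = 0; sys_roots[i] != NULL; i++) {
        size_t n = strlen(sys_roots[i]);
        const char *p = strncmp(path, sys_roots[i], n) == 0 ? strchr(path + n, '/') : NULL;
        if (p != NULL && p[1] != '\0')
            return 1;
    }
    return 0;
}

/* Run argv[0] with an empty environment; capture stdout; -1 on error. */
int run_pristine(char *const argv[], char *out, size_t cap)
{
    char *const empty_env[] = { NULL };
    int fds[2], status = 0;
    size_t len = 0;
    ssize_t r;
    if (cap == 0 || pipe(fds) == -1)
        return -1;
    pid_t pid = fork();
    if (pid == 0) {                             /* child: stdout to the pipe */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]);
        close(fds[1]);
        execve(argv[0], argv, empty_env);       /* nothing inherited from caller */
        _exit(127);                             /* exec failed */
    }
    close(fds[1]);
    while (len < cap - 1 && (r = read(fds[0], out + len, cap - 1 - len)) > 0)
        len += (size_t)r;
    out[len] = '\0';
    close(fds[0]);
    if (pid == -1 || waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

A caller would invoke `run_pristine` only when `is_system_catpage` returns 1 and format without privileges otherwise.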