Date:      Wed, 16 Jan 2002 18:16:25 +0100
From:      Joerg Wunsch <j@uriah.heep.sax.de>
To:        Ruslan Ermilov <ru@FreeBSD.org>
Cc:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, arch@FreeBSD.org
Subject:   Re: cvs commit: src/gnu/usr.bin/man/man Makefile man.c src/etc/mtree BSD.local.dist BSD.usr.dist BSD.x11-4.dist BSD.x11.dist
Message-ID:  <20020116181625.B757@uriah.heep.sax.de>
In-Reply-To: <20020116183712.G13904@sunbay.com>; from ru@FreeBSD.org on Wed, Jan 16, 2002 at 06:37:12PM +0200
References:  <20020116132917.K78030@wantadilla.lemis.com> <Pine.NEB.3.96L.1020115224951.59548D-100000@fledge.watson.org> <20020116154210.A74132@uriah.heep.sax.de> <20020116174352.C13904@sunbay.com> <20020116171144.C18043@uriah.heep.sax.de> <20020116183712.G13904@sunbay.com>

As Ruslan Ermilov wrote:

> > ...until the next "make installworld".  That's why i'm asking for
> > a knob in /etc/make.conf.  setuidperl can get its suid bit `sticky'
> > by the same way.
> > 
> Hmm, can't you live with a custom gnu/usr.bin/man/man/Makefile?  :-)

Not really.  (OK, i see the smiley. ;-)

> Not user "man", but the contents of the system manpages.  Try this:
> 
> ln -s /usr/bin/true /tmp/troff
> rm /usr/share/man/cat1/cat.1*
> /usr/bin/env GROFF_BIN_PATH=/tmp man 1 cat

OK, someone can cause garbage to go into my cat page.  He could
pretend that the options "-r" and "-f" to rm(1) would be something
harmless :).

Well, i'd like to see two things:

. Variables like FOO_BIN_PATH need to be ignored when running
  with raised privileges, no questions asked.  We used to ignore
  LD_LIBRARY_PATH for the same reason.  I hope this is something
  that is fixable.

. Then turn off the setuid bit, but offer the option to re-enable
  it for those who value the feature more than the risk, much in
  the same sense as we do for suidperl (which i still think is a
  lot less risky than someone (like me :) writing a buggy setuid
  wrapper in C).

-- 
cheers, J"org               .-.-.   --... ...--   -.. .  DL8DTL

http://www.sax.de/~joerg/                        NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
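
The first point in the message above (ignore FOO_BIN_PATH-style variables when running with raised privileges), sketched as an added example; it is not code from the message, from man(1) or from groff. The function names and the "_BIN_PATH" suffix rule are assumptions made for illustration, and comparing real and effective ids is a simplification of what issetugid(2) reports on FreeBSD.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Non-zero when the effective ids differ from the real ones, i.e. the
 * program was started set-user-ID or set-group-ID. */
int ids_raised(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

int running_raised(void)
{
    return ids_raised(getuid(), geteuid(), getgid(), getegid());
}

/* Assumed rule: any variable named <TOOL>_BIN_PATH redirects where a
 * helper binary is looked up (GROFF_BIN_PATH in the thread). */
int is_path_override(const char *name)
{
    static const char suffix[] = "_BIN_PATH";
    size_t n = strlen(name), s = sizeof(suffix) - 1;
    return n > s && strcmp(name + n - s, suffix) == 0;
}

/* getenv() replacement: path overrides are invisible while raised,
 * every other variable is passed through unchanged. */
const char *trusted_getenv(const char *name, int raised)
{
    if (raised && is_path_override(name))
        return NULL;
    return getenv(name);
}

int main(void)
{
    /* Constructed sample environment, mirroring the quoted test case. */
    setenv("GROFF_BIN_PATH", "/tmp", 1);
    const char *now = trusted_getenv("GROFF_BIN_PATH", running_raised());
    const char *suid = trusted_getenv("GROFF_BIN_PATH", 1);
    printf("as invoked: %s\n", now ? now : "(ignored)");
    printf("if setuid:  %s\n", suid ? suid : "(ignored)");
    return 0;
}
```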
