From: Ruslan Ermilov
Date: Tue, 15 Jan 2002 06:11:05 -0800 (PST)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/gnu/usr.bin/man/man Makefile man.c src/etc/mtree BSD.local.dist BSD.usr.dist BSD.x11-4.dist BSD.x11.dist
Message-Id: <200201151411.g0FEB6H82165@freefall.freebsd.org>
X-FreeBSD-CVS-Branch: HEAD

ru          2002/01/15 06:11:05 PST

  Modified files:
    gnu/usr.bin/man/man  Makefile man.c
    etc/mtree            BSD.local.dist BSD.usr.dist BSD.x11-4.dist
                         BSD.x11.dist
  Log:
  Do not install man(1) setuid ``man''.

  The catpaging and setuidness features of man(1) combined make it
  vulnerable to a number of security attacks.  Specifically, it was
  possible to overwrite system catpages with arbitrary contents by
  either setting up a symlink to a directory holding system catpages,
  or by writing custom -mdoc or -man groff(1) macro packages and
  setting up GROFF_TMAC_PATH in the environment to point to them.
  (See PR below for details).

  This means man(1) can no longer create system catpages on a regular
  user's behalf.  (It is still able to if the user has write permissions
  to the directory holding catpages, e.g., user's own manpages, or if
  the running user is ``root''.)

  To create and install catpages during ``make world'', please set
  MANBUILDCAT=YES in /etc/make.conf.  To rebuild catpages on a weekly
  basis, please set weekly_catman_enable="YES" in /etc/periodic.conf.
  PR:		bin/32791

  Revision  Changes    Path
  1.85      +3 -7      src/etc/mtree/BSD.local.dist
  1.251     +4 -6      src/etc/mtree/BSD.usr.dist
  1.19      +2 -4      src/etc/mtree/BSD.x11-4.dist
  1.16      +2 -4      src/etc/mtree/BSD.x11.dist
  1.33      +1 -4      src/gnu/usr.bin/man/man/Makefile
  1.51      +2 -62     src/gnu/usr.bin/man/man/man.c
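
The commit above closes the hole by dropping the setuid bit. The following is an added example, not code from this commit or from FreeBSD's man.c, showing a different technique: how a program that still has to write pages with elevated privileges can refuse a catpage directory that is really a symlink. The names write_catpage and demo, the /tmp paths and the page text are hypothetical and constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create cat_dir/name without following a symlink at
 * the directory or at the file. name is assumed to be a plain basename.
 * Returns 0 on success, -1 when the write is refused or fails. */
int write_catpage(const char *cat_dir, const char *name,
                  const char *text, uid_t expect_owner)
{
    struct stat st;
    int ret = -1;
    /* O_NOFOLLOW: fail if cat_dir itself is a symlink (the redirect trick). */
    int dfd = open(cat_dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0)
        return -1;
    /* Check the opened directory, not the path, to avoid a check/use race. */
    if (fstat(dfd, &st) == 0 && st.st_uid == expect_owner) {
        /* O_EXCL: never overwrite an existing page; O_NOFOLLOW: no link. */
        int fd = openat(dfd, name,
                        O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
        if (fd >= 0) {
            size_t len = strlen(text);
            if (write(fd, text, len) == (ssize_t)len)
                ret = 0;
            close(fd);
        }
    }
    close(dfd);
    return ret;
}

/* Constructed scenario: a real directory and a symlink pointing at it. */
int demo(int via_symlink)
{
    char base[] = "/tmp/catdemoXXXXXX", real[64], link[64];
    if (mkdtemp(base) == NULL)
        return -2;
    snprintf(real, sizeof real, "%s/cat1", base);
    snprintf(link, sizeof link, "%s/mycat1", base);
    if (mkdir(real, 0755) != 0 || symlink(real, link) != 0)
        return -2;
    return write_catpage(via_symlink ? link : real, "demo.1",
                         "DEMO(1)\n", geteuid());
}
```

O_NOFOLLOW only guards the final path component; earlier components of cat_dir are still resolved through symlinks, and this does nothing about macro packages loaded through GROFF_TMAC_PATH.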