Date: Tue, 15 Jan 2002 22:55:14 -0500 (EST)
From: Robert Watson <rwatson@FreeBSD.org>
To: Greg Lehey <grog@FreeBSD.org>
Cc: Ruslan Ermilov <ru@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/gnu/usr.bin/man/man Makefile man.c src/etc/mtree BSD.local.dist BSD.usr.dist BSD.x11-4.dist BSD.x11.dist
Message-ID: <Pine.NEB.3.96L.1020115224951.59548D-100000@fledge.watson.org>
In-Reply-To: <20020116132917.K78030@wantadilla.lemis.com>

On Wed, 16 Jan 2002, Greg Lehey wrote:

> >   The catpaging and setuidness features of man(1) combined make
> >   it vulnerable to a number of security attacks.  ...
> >
> >   This means man(1) can no longer create system catpages on a
> >   regular user's behalf.  (It is still able to if the user has
> >   write permissions to the directory holding catpages, e.g.,
> >   user's own manpages, or if the running user is ``root''.)
>
> Hmm.  I can see the security implications, but you'd need to compromise
> the system in the first place in order to break it, so it's not the most
> likely thing on earth.  On the other hand, many people don't have such
> extreme security requirements, and they might get a little upset by the
> change.

It's actually not all that unusual to decide not to grant root privilege
to all users on a FreeBSD system.  In fact, I think you'll find that many
consumers of FreeBSD don't care for the idea that someone compromising Joe
Customer's FreeBSD account gets root access.  Maybe even most.  There's a
lot of risk involved here, not all that dissimilar to the risk involved in
setuid suidperl.  We turn that off by default, and users can always turn
it on if they need it.

One of the important activities we can do to make FreeBSD more secure for
our userbase is to be conservative about how we configure the system: not
turning on known risky daemons by default, especially when most users
don't use them, for example.  This seems like a natural extension,
especially given the speed of modern machines, and the existence of a
catman distribution (see below).

> >   To create and install catpages during ``make world'', please set
> >   MANBUILDCAT=YES in /etc/make.conf.
>
> This won't help people installing from CD-ROM.  It also takes up a lot
> of space.  It would be nice to think of an alternative, like maybe a
> private catman directory for non-root users.

We have a catman distribution already, I believe, which can be enabled in
sysinstall.  Maybe it's time to make it part of the default install, if it
isn't already.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services