Date: Sat, 15 Dec 2001 11:05:39 +1030
From: Greg Lehey <grog@FreeBSD.org>
To: Ruslan Ermilov <ru@FreeBSD.org>
Cc: Robert Watson <rwatson@FreeBSD.org>, Garance A Drosihn <drosih@rpi.edu>, Peter Wemm <peter@wemm.org>, Nik Clayton <nik@FreeBSD.org>, Warner Losh <imp@harmony.village.org>, ache@FreeBSD.org, freebsd-arch@FreeBSD.org
Subject: Re: Changing 'man' to check alternate destination for 'cat' pages
Message-ID: <20011215110539.I85108@monorchid.lemis.com>
In-Reply-To: <20011214144352.A71966@sunbay.com>
References: <20011214101857.C35094@sunbay.com> <Pine.NEB.3.96L.1011214052132.74588S-100000@fledge.watson.org> <20011214144352.A71966@sunbay.com>

On Friday, 14 December 2001 at 14:43:52 +0200, Ruslan Ermilov wrote:
> On Fri, Dec 14, 2001 at 05:27:49AM -0500, Robert Watson wrote:
>>
>> On Fri, 14 Dec 2001, Ruslan Ermilov wrote:
>>
>>> Just having a CATMAN envariable is not enough, this would break many
>>> things. There are hosts on which people use different locales
>>> simultaneously. Look at how the usr/share/man/en.ISO8859-1 is organized
>>> nowadays, and realize why, while sharing the man? directories with the
>>> .., it has its own cat? directories.
>>
>> Not to mention the security issues -- the one nice thing about the
>> hard-coded catman right now is that it greatly limits the scope for damage
>> from a setuid man. I'm not entirely opposed to the notion of configuring
>> its location in /etc/man.conf or something, but agree that a run-time
>> user-tunable version of the same would be worrying. Even leaving aside
>> the more serious attacks, imagine for a moment what would happen if
>> arbitrary users could tweak the contents of arbitrary .8 man pages :-).
>>
>>> The "cat" feature of man(1) is insecure, and is probably going to be
>>> nuked after a release of 4.5.
>>
>> Great! I've been hoping for that for years. :-)
>
> Can I take it as an approval from core@ or security-officer@ team,
> both of which you are a member of? :-)

It's certainly not (yet) an approval from core@.

Greg
--
See complete headers for address and phone numbers

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message