author | ru <ru@FreeBSD.org> | 2002-01-15 14:11:05 +0000 |
---|---|---|
committer | ru <ru@FreeBSD.org> | 2002-01-15 14:11:05 +0000 |
commit | 2aa7f13a7d0162ad396a95251dceae601862f622 (patch) | |
tree | d8f87c866c4947f8938b35454d7ce942d7c4658e /etc | |
parent | 99ceec2679852c284a07d9db09b0831db7c86abb (diff) | |

Do not install man(1) setuid ``man''.

The catpaging and setuidness features of man(1) combined make
it vulnerable to a number of security attacks. Specifically,
it was possible to overwrite system catpages with arbitrary
contents by either setting up a symlink to a directory holding
system catpages, or by writing custom -mdoc or -man groff(1)
macro packages and setting up GROFF_TMAC_PATH in environment
to point to them. (See PR below for details).

This means man(1) can no longer create system catpages on a
regular user's behalf. (It is still able to if the user has
write permissions to the directory holding catpages, e.g.,
user's own manpages, or if the running user is ``root''.)

To create and install catpages during ``make world'', please
set MANBUILDCAT=YES in /etc/make.conf. To rebuild catpages
on a weekly basis, please set weekly_catman_enable="YES" in
/etc/periodic.conf.

PR: bin/32791

Diffstat (limited to 'etc')
-rw-r--r-- | etc/mtree/BSD.local.dist | 8 |
-rw-r--r-- | etc/mtree/BSD.usr.dist | 8 |
-rw-r--r-- | etc/mtree/BSD.x11-4.dist | 4 |
-rw-r--r-- | etc/mtree/BSD.x11.dist | 4 |
4 files changed, 7 insertions, 17 deletions
diff --git a/etc/mtree/BSD.local.dist b/etc/mtree/BSD.local.dist index 2b9f191..43b5ea2 100644 --- a/etc/mtree/BSD.local.dist +++ b/etc/mtree/BSD.local.dist @@ -40,7 +40,6 @@ libexec .. man -/set uname=man cat1 .. cat2 @@ -63,7 +62,7 @@ .. catn .. - de.ISO8859-1 uname=root + de.ISO8859-1 cat1 .. cat2 @@ -86,7 +85,6 @@ .. catn .. -/set uname=root man1 .. man2 @@ -111,7 +109,6 @@ .. .. en.ISO8859-1 -/set uname=man cat1 .. cat1aout @@ -145,7 +142,7 @@ catn .. .. - ja uname=root + ja cat1 .. cat2 @@ -168,7 +165,6 @@ .. catn .. -/set uname=root man1 .. man2 diff --git a/etc/mtree/BSD.usr.dist b/etc/mtree/BSD.usr.dist index d65480e..14b5dee 100644 --- a/etc/mtree/BSD.usr.dist +++ b/etc/mtree/BSD.usr.dist @@ -645,7 +645,6 @@ .. .. man -/set uname=man cat1 .. cat1aout @@ -678,7 +677,7 @@ .. catn .. - en.ISO8859-1 uname=root + en.ISO8859-1 cat1 .. cat1aout @@ -712,7 +711,7 @@ catn .. .. - ja uname=root + ja cat1 .. cat2 @@ -733,7 +732,6 @@ .. catn .. -/set uname=root man1 .. man2 @@ -970,7 +968,7 @@ .. perl man - cat3 uname=man + cat3 .. man3 .. diff --git a/etc/mtree/BSD.x11-4.dist b/etc/mtree/BSD.x11-4.dist index dca7d08..b10b001 100644 --- a/etc/mtree/BSD.x11-4.dist +++ b/etc/mtree/BSD.x11-4.dist @@ -314,7 +314,6 @@ libexec .. man -/set uname=man cat1 .. cat2 @@ -337,7 +336,7 @@ .. catn .. - ja uname=root + ja cat1 .. cat2 @@ -360,7 +359,6 @@ .. catn .. -/set uname=root man1 .. man2 diff --git a/etc/mtree/BSD.x11.dist b/etc/mtree/BSD.x11.dist index ef33781..81ddaed 100644 --- a/etc/mtree/BSD.x11.dist +++ b/etc/mtree/BSD.x11.dist @@ -196,7 +196,6 @@ libexec .. man -/set uname=man cat1 .. cat2 @@ -219,7 +218,7 @@ .. catn .. - ja uname=root + ja cat1 .. cat2 @@ -242,7 +241,6 @@ .. catn .. -/set uname=root man1 .. man2 |
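
Review bot: in the last BSD.usr.dist hunk (@@ -970,7 +968,7 @@) the per-entry `cat3 uname=man` under perl/man becomes a bare `cat3`, so its owner now depends on whichever `/set uname=` is in force at that point, and no `/set` line is visible in the hunk's context. The same holds for every `cat*` block that lost its `/set uname=man` and `/set uname=root` pair and for the `de.ISO8859-1`, `en.ISO8859-1` and `ja` entries that lost `uname=root`. The removed `/set uname=root` restore lines suggest the surrounding default is root, but please confirm that for each of the four spec files, for example by applying the new specs to a scratch directory and checking the resulting owners of the `cat*` directories.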
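
Review bot: the upgrade path for already-generated catpages is not covered. The `-/set uname=man` removals before `cat1` in all four spec files change only the owner recorded for the `cat*` directories; the entries shown are directories, not the catpage files inside them, so catpages written earlier by the setuid ``man'' binary would keep owner `man` after the directories themselves are re-owned. Suggest the commit message or an UPDATING entry state whether those files should be removed or re-owned on upgrade, next to the MANBUILDCAT and weekly_catman_enable instructions it already gives.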