The code will be fixed for all known security vulnerabilities,
and a make.conf(5) knob (ENABLE_SUID_MAN) will be provided for
those who still want it installed setuid for whatever reasons.
The catpaging and setuidness features of man(1) combined make
it vulnerable to a number of security attacks. Specifically,
it was possible to overwrite system catpages with arbitrarily
contents by either setting up a symlink to a directory holding
system catpages, or by writing custom -mdoc or -man groff(1)
macro packages and setting up GROFF_TMAC_PATH in environment
to point to them. (See PR below for details).
This means man(1) can no longer create system catpages on a
regular user's behalf. (It is still able to if the user has
write permissions to the directory holding catpages, e.g.,
user's own manpages, or if the running user is ``root''.)
To create and install catpages during ``make world'', please
set MANBUILDCAT=YES in /etc/make.conf. To rebuild catpages
on a weekly basis, please set weekly_catman_enable="YES" in
/etc/periodic.conf.
PR: bin/32791
back (as of man.c,v 1.45), change the meaning of the -m option
from poorly documented and badly coded "alternate system" to a
much more useful "different architecture for the same system".
PR: docs/31261
This makes the following difference:
-groff_mdoc(7), -(7) - groff_mdoc reference for groff's mdoc implementation
+groff_mdoc(7) - reference for groff's mdoc implementation
empty line by troff(1) and is ignored. Teach makewhatis(1)
about this. This makes the following difference:
-groff_man(7), . groff_man(7) - groff `man' macros to support generation of man pages
+groff_man(7) - groff `man' macros to support generation of man pages
-groff_mdoc(7), -(7) - . groff_mdoc reference for groff's mdoc implementation
+groff_mdoc(7), -(7) - groff_mdoc reference for groff's mdoc implementation
-troff(1), . . troff(1) - format documents
+troff(1) - format documents
Noticed by: yar
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
"locailzed"; it should read "localized".
* The "test" operator can be a bit dangerous (e.g., if
a newbie writes a script named "test" and has it call
"apropos", which calls "test, ...).
* In its use as "whatis", apropos formats the first
line of the output differently than the following
lines. Specifically, it leaves out all but one of
the spaces that precede the dash in the first line.
Submitted by: Rich Morin <rdm@cfcl.com>
PR: 25126
: As some manual pages are intended only for specific architectures,
: man searches any subdirectories, with the same name as the current
: architecture, in every directory which it searches. Machine specific
: areas are checked before general areas. The current machine type may
: be overridden by setting the environment variable MACHINE to the name
: of a specific architecture.
groff(1) devices for localized and non-localized pages.
Currently, for *.ISO_8859-1 locales the device in both
cases is "latin1", and for KOI8-R locale it is "koi8-r"
for localized and "ascii" for non-localized pages.
Discussed with: des