freebsd-dev/etc/mtree/BSD.local.dist
Ruslan Ermilov 30843b9337 Do not install man(1) setuid ``man''.
The catpaging and setuidness features of man(1) combined make
it vulnerable to a number of security attacks.  Specifically,
it was possible to overwrite system catpages with arbitrarily
contents by either setting up a symlink to a directory holding
system catpages, or by writing custom -mdoc or -man groff(1)
macro packages and setting up GROFF_TMAC_PATH in environment
to point to them.  (See PR below for details).

This means man(1) can no longer create system catpages on a
regular user's behalf.  (It is still able to if the user has
write permissions to the directory holding catpages, e.g.,
user's own manpages, or if the running user is ``root''.)

To create and install catpages during ``make world'', please
set MANBUILDCAT=YES in /etc/make.conf.  To rebuild catpages
on a weekly basis, please set weekly_catman_enable="YES" in
/etc/periodic.conf.

PR:		bin/32791
2002-01-15 14:11:05 +00:00

401 lines
6.8 KiB
Plaintext

# $FreeBSD$
#
# Please see the file src/etc/mtree/README before making changes to this file.
#
/set type=dir uname=root gname=wheel mode=0755
.
bin
..
etc
rc.d
..
..
include
..
info
..
lib
perl5
5.6.0
man
man3
..
..
..
site_perl
5.6.0
auto
..
mach
auto
..
..
..
..
..
..
libdata
..
libexec
..
man
cat1
..
cat2
..
cat3
..
cat4
..
cat5
..
cat6
..
cat7
..
cat8
..
cat9
..
catl
..
catn
..
de.ISO8859-1
cat1
..
cat2
..
cat3
..
cat4
..
cat5
..
cat6
..
cat7
..
cat8
..
cat9
..
catl
..
catn
..
man1
..
man2
..
man3
..
man4
..
man5
..
man6
..
man7
..
man8
..
man9
..
manl
..
mann
..
..
en.ISO8859-1
cat1
..
cat1aout
..
cat2
..
cat3
..
cat4
alpha
..
i386
..
..
cat5
..
cat6
..
cat7
..
cat8
alpha
..
i386
..
..
cat9
i386
..
..
catn
..
..
ja
cat1
..
cat2
..
cat3
..
cat4
..
cat5
..
cat6
..
cat7
..
cat8
..
cat9
..
catl
..
catn
..
man1
..
man2
..
man3
..
man4
..
man5
..
man6
..
man7
..
man8
..
man9
..
manl
..
mann
..
..
man1
..
man2
..
man3
..
man4
..
man5
..
man6
..
man7
..
man8
..
man9
..
manl
..
mann
..
..
sbin
..
share
aclocal
..
dict
..
doc
ja
..
..
emacs
site-lisp
..
..
examples
..
misc
..
nls
C
..
af_ZA.ISO8859-1
..
af_ZA.ISO8859-15
..
bg_BG.CP1251
..
cs_CZ.ISO8859-2
..
da_DK.ISO8859-1
..
da_DK.ISO8859-15
..
de_AT.ISO8859-1
..
de_AT.ISO8859-15
..
de_CH.ISO8859-1
..
de_CH.ISO8859-15
..
de_DE.ISO8859-1
..
de_DE.ISO8859-15
..
el_GR.ISO8859-7
..
en_AU.ISO8859-1
..
en_AU.ISO8859-15
..
en_AU.US-ASCII
..
en_CA.ISO8859-1
..
en_CA.ISO8859-15
..
en_CA.US-ASCII
..
en_GB.ISO8859-1
..
en_GB.ISO8859-15
..
en_GB.US-ASCII
..
en_NZ.ISO8859-1
..
en_NZ.ISO8859-15
..
en_NZ.US-ASCII
..
en_US.ISO8859-1
..
en_US.ISO8859-15
..
es_ES.ISO8859-1
..
es_ES.ISO8859-15
..
et_EE.ISO8859-15
..
fi_FI.ISO8859-1
..
fi_FI.ISO8859-15
..
fr_BE.ISO8859-1
..
fr_BE.ISO8859-15
..
fr_CA.ISO8859-1
..
fr_CA.ISO8859-15
..
fr_CH.ISO8859-1
..
fr_CH.ISO8859-15
..
fr_FR.ISO8859-1
..
fr_FR.ISO8859-15
..
hi_IN.ISCII-DEV
..
hr_HR.ISO8859-2
..
hu_HU.ISO8859-2
..
is_IS.ISO8859-1
..
is_IS.ISO8859-15
..
it_CH.ISO8859-1
..
it_CH.ISO8859-15
..
it_IT.ISO8859-1
..
it_IT.ISO8859-15
..
ja_JP.SJIS
..
ja_JP.eucJP
..
ko_KR.eucKR
..
la_LN.ISO8859-1
..
la_LN.ISO8859-15
..
la_LN.ISO8859-2
..
la_LN.ISO8859-4
..
la_LN.US-ASCII
..
lt_LT.ISO8859-4
..
nl_BE.ISO8859-1
..
nl_BE.ISO8859-15
..
nl_NL.ISO8859-1
..
nl_NL.ISO8859-15
..
no_NO.ISO8859-1
..
no_NO.ISO8859-15
..
pl_PL.ISO8859-2
..
pt_PT.ISO8859-1
..
pt_PT.ISO8859-15
..
ro_RO.ISO8859-2
..
ru_RU.CP866
..
ru_RU.ISO8859-5
..
ru_RU.KOI8-R
..
sk_SK.ISO8859-2
..
sl_SI.ISO8859-2
..
sv_SE.ISO8859-1
..
sv_SE.ISO8859-15
..
tr_TR.ISO8859-9
..
uk_UA.ISO8859-5
..
uk_UA.KOI8-U
..
zh_CN.eucCN
..
zh_TW.Big5
..
..
skel
..
..
..