freebsd-dev/etc/mtree/BSD.x11.dist
Ruslan Ermilov 30843b9337 Do not install man(1) setuid ``man''.
The catpaging and setuidness features of man(1) combined make
it vulnerable to a number of security attacks.  Specifically,
it was possible to overwrite system catpages with arbitrarily
contents by either setting up a symlink to a directory holding
system catpages, or by writing custom -mdoc or -man groff(1)
macro packages and setting up GROFF_TMAC_PATH in environment
to point to them.  (See PR below for details).

This means man(1) can no longer create system catpages on a
regular user's behalf.  (It is still able to if the user has
write permissions to the directory holding catpages, e.g.,
user's own manpages, or if the running user is ``root''.)

To create and install catpages during ``make world'', please
set MANBUILDCAT=YES in /etc/make.conf.  To rebuild catpages
on a weekly basis, please set weekly_catman_enable="YES" in
/etc/periodic.conf.

PR:		bin/32791
2002-01-15 14:11:05 +00:00

301 lines
5.0 KiB
Plaintext

# $FreeBSD$
#
# Please see the file src/etc/mtree/README before making changes to this file.
#
/set type=dir uname=root gname=wheel mode=0755
.
bin
..
etc
rc.d
..
..
include
X11
ICE
..
PEX5
..
PM
..
SM
..
Xaw
..
Xmu
..
bitmaps
..
extensions
..
fonts
..
pixmaps
..
..
..
info
..
lib
X11
XF86Setup
pics
..
scripts
..
tcllib
..
..
app-defaults
..
config
..
doc
..
etc
..
fonts
100dpi
..
75dpi
..
PEX
..
Speedo
..
Type1
..
cyrillic
..
local
..
misc
..
..
fs
..
lbxproxy
..
locale
C
..
en_US.utf
..
iso8859-1
..
iso8859-2
..
iso8859-3
..
iso8859-4
..
iso8859-5
..
iso8859-6
..
iso8859-7
..
iso8859-8
..
iso8859-9
..
ja
..
ja.JIS
..
ja.SJIS
..
ko
..
koi8-r
..
tbl_data
..
th_TH.TACTIS
..
zh
..
zh_TW
..
zh_TW.Big5
..
..
proxymngr
..
rstart
commands
x11r6
..
..
contexts
..
..
twm
..
x11perfcomp
..
xdm
..
xinit
..
xkb
compat
..
compiled
..
geometry
digital
..
sgi
..
..
keycodes
digital
..
sgi
..
..
keymap
digital
..
sgi
..
sun
..
..
rules
..
semantics
..
symbols
digital
..
fujitsu
..
nec
..
sony
..
sun
..
..
..
xserver
..
xsm
..
..
aout
..
modules
..
..
libdata
..
libexec
..
man
cat1
..
cat2
..
cat3
..
cat4
..
cat5
..
cat6
..
cat7
..
cat8
..
cat9
..
catl
..
catn
..
ja
cat1
..
cat2
..
cat3
..
cat4
..
cat5
..
cat6
..
cat7
..
cat8
..
cat9
..
catl
..
catn
..
man1
..
man2
..
man3
..
man4
..
man5
..
man6
..
man7
..
man8
..
man9
..
manl
..
mann
..
..
man1
..
man2
..
man3
..
man4
..
man5
..
man6
..
man7
..
man8
..
man9
..
manl
..
mann
..
..
share
aclocal
..
doc
ja
..
..
examples
..
..
..