d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
c6a51f1c4a
freebsd-nq/gnu/usr.bin
History
Ruslan Ermilov 30843b9337 Do not install man(1) setuid ``man''. 
The catpaging and setuidness features of man(1) combined make
it vulnerable to a number of security attacks.  Specifically,
it was possible to overwrite system catpages with arbitrarily
contents by either setting up a symlink to a directory holding
system catpages, or by writing custom -mdoc or -man groff(1)
macro packages and setting up GROFF_TMAC_PATH in environment
to point to them.  (See PR below for details).

This means man(1) can no longer create system catpages on a
regular user's behalf.  (It is still able to if the user has
write permissions to the directory holding catpages, e.g.,
user's own manpages, or if the running user is ``root''.)

To create and install catpages during ``make world'', please
set MANBUILDCAT=YES in /etc/make.conf.  To rebuild catpages
on a weekly basis, please set weekly_catman_enable="YES" in
/etc/periodic.conf.

PR:		bin/32791
2002-01-15 14:11:05 +00:00
..
as Implement .previous (swap section back to the last section) 2001-09-04 23:04:48 +00:00
awk Update to Gawk 3.1.0. 2001-11-02 23:46:57 +00:00
bc Install files via FILES. 2001-12-17 16:45:09 +00:00
binutils Catch up to the globaldata -> pcpu changes. 2001-12-12 21:15:30 +00:00
cc We need to build ``.depend'' early in the "build-tools" for the GCC 2001-09-27 17:14:33 +00:00
cpio MAN[1-9] -> MAN. 2001-03-27 14:59:06 +00:00
cvs FILES support for bsd.prog.mk. See bsd.README for details. 2001-12-17 13:59:35 +00:00
dc $Id$ -> $FreeBSD$ 1999-08-27 23:37:10 +00:00
dialog FILES support for bsd.prog.mk. See bsd.README for details. 2001-12-17 13:59:35 +00:00
diff s/dir.h/dir.c/ 1999-11-26 12:29:48 +00:00
diff3 $Id$ -> $FreeBSD$ 1999-08-27 23:37:10 +00:00
gdb/doc Upgrade for readline 4.2 2001-04-11 04:27:10 +00:00
gperf Style tweaks. 2000-10-13 12:22:47 +00:00
grep Removed glibc specific stuff. 2001-11-27 08:23:38 +00:00
groff The -pthread -> -lc_r change didn't reach here. 2002-01-11 11:42:16 +00:00
gzip beforeinstall -> SCRIPTS. 2001-04-07 11:21:35 +00:00
ld mdoc(7) police: s/BSD/.Bx/ where appropriate. 2001-08-14 10:01:54 +00:00
man Do not install man(1) setuid ``man''. 2002-01-15 14:11:05 +00:00
patch Restore vendor CVS keywords; eliminate troff(1) warnings. 2001-07-12 13:13:37 +00:00
perl FILES support for bsd.prog.mk. See bsd.README for details. 2001-12-17 13:59:35 +00:00
ptx
rcs Recognize numeric digits inside $id$ tags, eg: $XFree86$ 2001-12-10 20:44:31 +00:00
sdiff $Id$ -> $FreeBSD$ 1999-08-27 23:37:10 +00:00
send-pr Fix what was a pointless conditional. Use $GCC_EXEC_PREFIX if 2002-01-10 07:43:38 +00:00
sort mdoc(7) police: remove extraneous .Pp before and/or after .Sh. 2001-07-09 09:54:33 +00:00
tar msg_out is already initialized 2001-08-13 21:55:41 +00:00
texinfo MAN[1-9] -> MAN. 2001-03-27 14:59:06 +00:00
Makefile Bring Gawk back. There just isn't any other POSIX compliant AWK out there. 2001-11-02 23:48:32 +00:00
Makefile.inc $Id$ -> $FreeBSD$ 1999-08-27 23:37:10 +00:00