freebsd-skq/gnu
Ruslan Ermilov 30843b9337 Do not install man(1) setuid ``man''.
The catpaging and setuidness features of man(1) combined make
it vulnerable to a number of security attacks.  Specifically,
it was possible to overwrite system catpages with arbitrarily
contents by either setting up a symlink to a directory holding
system catpages, or by writing custom -mdoc or -man groff(1)
macro packages and setting up GROFF_TMAC_PATH in environment
to point to them.  (See PR below for details).

This means man(1) can no longer create system catpages on a
regular user's behalf.  (It is still able to if the user has
write permissions to the directory holding catpages, e.g.,
user's own manpages, or if the running user is ``root''.)

To create and install catpages during ``make world'', please
set MANBUILDCAT=YES in /etc/make.conf.  To rebuild catpages
on a weekly basis, please set weekly_catman_enable="YES" in
/etc/periodic.conf.

PR:		bin/32791
2002-01-15 14:11:05 +00:00
..
include It's safe to assume that ${.OBJDIR} == ${.CURDIR} in the 2001-10-24 09:16:23 +00:00
lib Back out the previous revision for now. Instead, the current sparc64 2002-01-07 19:27:50 +00:00
usr.bin Do not install man(1) setuid ``man''. 2002-01-15 14:11:05 +00:00
usr.sbin $Id$ -> $FreeBSD$ 1999-08-27 23:37:10 +00:00
COPYING
COPYING.LIB
Makefile tip(1) can do cu(1). We don't need this anymore. 2001-10-30 19:36:57 +00:00