Re: Troff dangerous.

From: Warner Losh (impat_private)
Date: Tue Jul 27 1999 - 09:36:01 PDT

Next message: Henrik Nordstrom: "Re: Redhat 6.0 cachemgr.cgi lameness"

Previous message: Wanderley J. Abreu Jr: "Retrieving RDS Data..."
Maybe in reply to: Pawel Wilk: "Troff dangerous."
Next in thread: Aaron Campbell: "Re: Troff dangerous."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In FreeBSD-stable and -current, these tricks allow only tojan horses,
but do not allow normal users to elevate their privs.  It appears that
man doesn't run at elevated priviledge levels for execution of the
sub-commands needed to build the man pages (despite man being setuid
man on FreeBSD-stable/current).

I just noticed that OpenBSD added a -S flag which completely disables
these commands...  I think I like that, in conjunction with having man
use that flag...

Warner

Next message: Henrik Nordstrom: "Re: Redhat 6.0 cachemgr.cgi lameness"
Previous message: Wanderley J. Abreu Jr: "Retrieving RDS Data..."
Maybe in reply to: Pawel Wilk: "Troff dangerous."
Next in thread: Aaron Campbell: "Re: Troff dangerous."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:53:40 PDT