In FreeBSD-stable and -current, these tricks allow only tojan horses, but do not allow normal users to elevate their privs. It appears that man doesn't run at elevated priviledge levels for execution of the sub-commands needed to build the man pages (despite man being setuid man on FreeBSD-stable/current). I just noticed that OpenBSD added a -S flag which completely disables these commands... I think I like that, in conjunction with having man use that flag... Warner
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:53:40 PDT