Solar Designer wrote:

> [ghost@alice ghost]$ man id
> Formatting page, please wait...
> [ghost@alice ghost]$ ls -l /var/catman/cat1/id.1.gz
> -r--rw-r-- 1 ghost man 806 Aug 1 06:14 /var/catman/cat1/id.1.gz

On some systems you can prevent this by making the catman directories suid to a dummy user. On those systems all files or directories created in these directories then get owned by this dummy user and not the user running the command. Patch attached for linux ext2 to allow suid directories.

On systems where suid directories do not help, I guess you have no option but to disable the feature that man saves the preformatted page when invoked by a user if you do not like users to be able to spoof man pages. This can be done by removing any suid/sgid bits from /usr/bin/man, and making sure that the catman directories are not world writeable.

If you still want to have preformatted pages available for your users, make the catman directories owned by a dummy user (for example catman), and run catman as this user to create all preformatted man pages in one big batch (or man on individual man pages if catman is not available).

You can also make selected trusted users members of the man group to allow them to generate preformatted man pages when there is a need to.

--
Henrik Nordstrom

--------------576B684814F1520A7CD46CA
Content-Type: text/plain; charset=us-ascii; name="ext2_suid_dir.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="ext2_suid_dir.patch"

--- linux/fs/ext2/ialloc.c.orig Mon Jul 19 00:23:15 1999 +++ linux/fs/ext2/ialloc.c Sun Aug 1 10:37:24 1999 
@@ -449,7 +449,12 @@ inode->i_sb = sb; inode->i_nlink = 1; inode->i_dev = sb->s_dev; - inode->i_uid = current->fsuid; + if (dir->i_mode & S_ISUID) { + inode->i_uid = dir->i_uid; + if (S_ISDIR(mode)) + mode |= S_ISUID; + } else + inode->i_uid = current->fsuid; if (test_opt (sb, GRPID)) inode->i_gid = dir->i_gid; else if (dir->i_mode & S_ISGID) { --------------576B684814F1520A7CD46CA--
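
Review bot: the new `if (dir->i_mode & S_ISUID)` branch assigns `inode->i_uid = dir->i_uid` but only adjusts `mode` when `S_ISDIR(mode)` is true, so for a regular file any S_ISUID bit the caller passed in `mode` is kept and the result would be a set-uid file owned by the directory owner rather than by the creator. Mask the bit whenever ownership is inherited, for example an `else mode &= ~S_ISUID;` paired with the `S_ISDIR(mode)` test. The branch also changes the meaning of a bit that the removed line `inode->i_uid = current->fsuid;` ignored, so directories that already carry S_ISUID start behaving differently; gating it behind a mount option in the style of the `test_opt (sb, GRPID)` check just below would make it opt-in. A short comment stating the intended semantics (owner inherited, bit propagated to subdirectories) would help the next reader.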
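
The lock-down described in the message above (no suid/sgid bits on man, catman directories not world-writable and owned by a dummy account) can be checked mechanically. This is an added example, not part of the original message or the attached patch; the function name `audit_catman` and the finding labels are made up here, while `/usr/bin/man`, `/var/catman` and the `catman` account name come from the message.

```shell
#!/bin/sh
# Added example: audit the man/catman settings described in the message.
#
# audit_catman MAN_BIN CAT_ROOT OWNER
#   MAN_BIN   path to the man binary, e.g. /usr/bin/man
#   CAT_ROOT  top of the preformatted-page tree, e.g. /var/catman
#   OWNER     dummy account that should own the tree (name or numeric uid)
#
# Prints one finding per line and returns 1 if anything was found,
# returns 0 with no output when the setup matches the advice.
# A find that fails (missing path, unknown user) is reported as a
# finding too, so a broken audit never looks like a clean one.
audit_catman() {
    man_bin=$1; cat_root=$2; owner=$3
    report=$(
        # 1. man carries no set-uid or set-gid bit
        find "$man_bin" -prune \( -perm -4000 -o -perm -2000 \) \
            -exec echo SETID_MAN {} \; || echo "AUDIT_ERROR $man_bin"
        # 2. no directory in the tree is world-writable
        find "$cat_root" -type d -perm -0002 \
            -exec echo WORLD_WRITABLE {} \; || echo "AUDIT_ERROR $cat_root"
        # 3. every file and directory belongs to the dummy owner
        find "$cat_root" ! -user "$owner" \
            -exec echo WRONG_OWNER {} \; || echo "AUDIT_ERROR owner $owner"
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Run as a script:  sh audit_catman.sh /usr/bin/man /var/catman catman
if [ "$#" -eq 3 ]; then
    audit_catman "$@"
fi
```

Group-writable directories are deliberately not flagged, since the message allows trusted members of the man group to generate pages.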
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:54:47 PDT