Re: SGID man

From: Isaac To (kktoat_private)
Date: Tue Aug 03 1999 - 00:30:46 PDT

Next message: ET LoWNOISE: "[LoWNOISE] Password hunting with webramp"

Previous message: Alfred Huger: "bo2k plugins"
Maybe in reply to: Solar Designer: "SGID man"
Next in thread: Henrik Nordstrom: "Re: SGID man"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--pgp-sign-Multipart_Tue_Aug__3_15:30:42_1999-1
Content-Type: text/plain; charset=US-ASCII

>>>>> "Solar" == Solar Designer <solarat_private> writes:

    Solar> I wouldn't normally post this, but while we're on the topic...
    Solar> There's an ancient problem with SGID man that I keep seeing on
    Solar> various systems.  For example, on Red Hat 5.2:

This seems to be a very general problem for programs that want to cache
things but don't want to acquire a new userid.  TeX (i.e. MetaFont) comes
close, I think.

    Solar> Solutions?  We could change the permissions on those directories
    Solar> from 775 or 1777 (that's what I've seen on various systems) to
    Solar> 770, so that group man is always required.  However, doing so
    Solar> would break things, as the group is (and should be) dropped for
    Solar> many operations.  Some changes to the way man works would be
    Solar> required to support such restricted permissions.

It seems to be a strange solution to me.  I am disallowed to read a
directory since I own files in it.  Owning such files is
horrible anyway, especially when quota is enabled.

    Solar> A workaround could be to preformat all the man pages as root.
    Solar> Finally, we could move to a SUID man, making the binary immutable
    Solar> (non-portable, not backup friendly).  I don't like any of these.

If your policy is to make every SUID program immutable, being non-portable
is not a problem (whenever you restore a backup, you just make sure every
SUID program becomes immutable before restarting service).  Otherwise, it is
not absolutely necessary for the binary to be immutable.

But yes, it is ugly.  It might be better if any SGID program is also SUID
nobody, and re-acquire real user privilege only when required.  But still,
it is ugly.

    Solar> In my opinion, it is time to stop storing preformatted pages.  It
    Solar> is no longer worth the risk.  CPUs got faster, man pages are the
    Solar> same.

But stop storing preprocessed fonts is not an option at all.  My Chinese
fonts needs hours to get completely processed, and even a regular Chinese
LaTeX source require half an hour.  Preprocessing all fonts in advance is
feasible only to those who want to spare 1G for that purpose.

Isaac.

--pgp-sign-Multipart_Tue_Aug__3_15:30:42_1999-1
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP MESSAGE-----
Version: 2.6.3ia
Comment: Processed by Mailcrypt 3.5b7, an Emacs/PGP interface

iQCVAwUBN6aapYAyyGjmR0YxAQFu0QP/bwXUvEVtVcqqHgw009UGc67tSHhnoB5/
6+lAI6gev6BLzdWxQgqmKpZQ5ZrYIvv82jG3ugEe5wOgalWA/mbr5souxIA7o/SE
R9cwCGx9dfKInyvFpBerkJ1HlSk2kc7ynzzjBn1d3LA/H/7SJj4sS/8eg2rleq1f
2U9QU5LoJI4=
=mGVt
-----END PGP MESSAGE-----

--pgp-sign-Multipart_Tue_Aug__3_15:30:42_1999-1--

Next message: ET LoWNOISE: "[LoWNOISE] Password hunting with webramp"
Previous message: Alfred Huger: "bo2k plugins"
Maybe in reply to: Solar Designer: "SGID man"
Next in thread: Henrik Nordstrom: "Re: SGID man"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:54:54 PDT