[11148] in bugtraq
Re: Troff dangerous.
daemon@ATHENA.MIT.EDU (Warner Losh)
Tue Jul 27 17:39:39 1999
Message-Id:  <199907271636.KAA53381@harmony.village.org>
Date:         Tue, 27 Jul 1999 10:36:01 -0600
Reply-To: Warner Losh <imp@VILLAGE.ORG>
From: Warner Losh <imp@VILLAGE.ORG>
X-To:         Pavel Kankovsky <peak@ARGO.TROJA.MFF.CUNI.CZ>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  Your message of "Sun, 25 Jul 1999 15:48:25 +0200." 
              <19990725151346.1371.0@bobanek.nowhere.cz>

In FreeBSD-stable and -current, these tricks allow only trojan horses,
but do not allow normal users to elevate their privs.  It appears that
man doesn't run at elevated privilege levels for execution of the
sub-commands needed to build the man pages (despite man being setuid
man on FreeBSD-stable/current).

I just noticed that OpenBSD added a -S flag which completely disables
these commands...  I think I like that, in conjunction with having man
use that flag...
Warner