[19032] in bugtraq
Re: SuSe / Debian man package format string vulnerability
daemon@ATHENA.MIT.EDU (Dan Harkless)
Tue Feb 6 00:59:20 2001
Message-ID: <200102060401.UAA21404@dilvish.speed.net>
Date: Mon, 5 Feb 2001 20:01:46 -0800
Reply-To: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
From: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Message from Darren Moffat <Darren.Moffat@eng.sun.com> of "Mon,
05 Feb 2001 17:34:47 PST."
<200102060134.f161YlR299519@jurassic.eng.sun.com>

Darren Moffat <Darren.Moffat@eng.sun.com> writes:
> I'm having a hard time working out why the man command is setuid to any
> user.
>
> Exactly what is it that man MUST do to perform the job of turning nroff
> man pages into viewable text?

Isn't it an issue with caching that viewable text in catN directories? If
the catN directories are mode 777, people can put in "Trojaned" man pages
that tell users to do harmful things. If they're mode 1777, a user viewing
a new version of the man page for <program> won't be able to replace the
copy of <program>.1 some other user put in the cat1 directory 5 years ago.
Thus the setuid man solution.

Now, one could certainly argue that with today's processor and disk speeds,
caching nroff results is no longer a significant savings.
----------------------------------------------------------------------
Dan Harkless | To prevent SPAM contamination, please
dan-bugtraq@dilvish.speed.net | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts. Thank you.
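
The trade-off described in the message above, as an added audit example that is not part of the original post: it classifies a catN cache directory by mode, flags cached pages older than their nroff source, and reports whether a man binary is setuid or setgid. The function names and the paths passed to them are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit man cache (catN) directories for the permission
# trade-off discussed in the message. All paths are supplied by the caller.

# Prints one of:
#   open        world-writable, no sticky bit (mode 777 style): any user
#               can plant or replace cached pages
#   sticky      world-writable with sticky bit (mode 1777 style): a user
#               cannot replace a stale page owned by someone else
#   restricted  not world-writable: only a privileged (e.g. setuid) man
#               can write the cache
classify_cat_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "missing"; return 1; }
    if [ -n "$(find "$dir" -prune -perm -1002 -print)" ]; then
        echo "sticky"
    elif [ -n "$(find "$dir" -prune -perm -0002 -print)" ]; then
        echo "open"
    else
        echo "restricted"
    fi
}

# Succeeds when the nroff source is newer than the cached page, i.e. the
# cache no longer reflects the installed man page. Returns 2 if either
# file is missing.
cat_page_is_stale() {
    src=$1
    cached=$2
    [ -f "$src" ] && [ -f "$cached" ] || return 2
    [ -n "$(find "$src" -prune -newer "$cached" -print)" ]
}

# Succeeds when the given man binary carries a setuid or setgid bit.
man_is_setid() {
    [ -n "$(find "$1" -prune \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null)" ]
}

# Classify every directory named on the command line (no output if none).
for d in "$@"; do
    printf '%s: %s\n' "$d" "$(classify_cat_dir "$d")"
done
```
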