Re: mandb wrapper scripts

To: Fabrizio Polacco <fab@prosa.it>
Cc: debian-devel@lists.debian.org
Subject: Re: mandb wrapper scripts
From: Joey Hess <joeyh@debian.org>
Date: Tue, 8 Feb 2000 13:43:23 -0800
Message-id: <20000208134323.D14465@kitenet.net>
Mail-followup-to: Fabrizio Polacco <fab@prosa.it>, debian-devel@lists.debian.org
In-reply-to: <20000207140315.D449@none>; from fab@prosa.it on Mon, Feb 07, 2000 at 02:03:15PM +0200
References: <20000206025410.A1475@socrates.localdomain.local> <20000207140315.D449@none>

Ok, I'm confused. The changelog says:

  * security fix: moved setuid binaries to /usr/lib/man-db and added
    shell wrapper to execute as user nobody when invoked by root.
    This would avoid having anybody running man as root, or cron running
    mandb.

Was this done out of sheer paranioa, or is there a real security hole this
addresses?

-- 
see shy jo

Reply to:

Follow-Ups:
- Re: mandb wrapper scripts
  - From: Fabrizio Polacco <fab@prosa.it>

References:
- mandb wrapper scripts
  - From: Ethan Benson <erbenson@alaska.net>
- Re: mandb wrapper scripts
  - From: Fabrizio Polacco <fab@prosa.it>

Prev by Date: Re: mandb wrapper scripts
Next by Date: Re: debconf help
Previous by thread: Re: mandb wrapper scripts
Next by thread: Re: mandb wrapper scripts
Index(es):
- Date
- Thread