Re: our broken man package

To: debian-devel@lists.debian.org
Subject: Re: our broken man package
From: Nicolás Lichtmaier <nick@debian.org>
Date: Fri, 5 Jan 2001 10:50:21 -0300
Message-id: <[🔎] 20010105105021.A2017@debian.org>
In-reply-to: <[🔎] 20010105073718.O686@justice.loyola.edu>; from mstone@debian.org on Fri, Jan 05, 2001 at 07:37:18AM -0500
References: <[🔎] 20010103152303.A6251@kitenet.net> <[🔎] 20010103223319.N28241@plato.local.lan> <[🔎] 20010105010916.A1083@debian.org> <[🔎] 20010105073718.O686@justice.loyola.edu>

> >  There could be a helper setuid program, man-cache-writer. man would call
> > this program and pipe it the catpage. man-cache-writer would just write it's
> > stding to the proper place. End of the problems.
> 
> No so simple. You don't want the trusted program trusting the output of
> a non-trusted program. 

 Qhat if the man binary is setgid man, and this utility can only be run by
that group?

> A start to fix the current problems is to:
> 1. drop privs if reading a man page that's not going to be cached
> anyway. (E.g., a page in your private home directory.)
> 2. and in that case ignore tmpdir. store temporary files in a directory
> writable only my user man.

 That seems sensible.

Reply to:

References:
- our broken man package
  - From: Joey Hess <joeyh@debian.org>
- Re: our broken man package
  - From: Ethan Benson <erbenson@alaska.net>
- Re: our broken man package
  - From: Nicolás Lichtmaier <nick@debian.org>
- Re: our broken man package
  - From: Michael Stone <mstone@debian.org>

Prev by Date: Re: What to do about /etc/debian_version
Next by Date: Free replacement for shorten (lossless digital audio compressor)?
Previous by thread: Re: our broken man package
Next by thread: Re: our broken man package
Index(es):
- Date
- Thread