On Wed, Jan 03, 2001 at 03:23:03PM -0800, Joey Hess wrote: > I'm concerned with some breakage in the man program. Here is an example: > [snip examples] > > This is because man runs via a wrapper that makes it run as user man > (and makes root's pager run as user man too for some reason). > > Related bugs: #74790, #60084, #58112, #42128. > > I have never seen an explination of why this wrapper program makes man > run as user man. If it just ran it as group man, everything would be ok. > As bug #42128 suggests, /var/catman/ could be writable by group man, > rather than user man. the problem with this is you end up with the catman files owned by whatever user reads whatever man page. personally as a sysadmin i don't want users gaining write permission to files in any more places under /var then there already is (ahem texmf). i am not certain if there is potential security threats to users being able to write bogus catman files, perhaps via groff tricks there is. IMO a setgid man with a group writable /var/catman is not any better then a mode 1777 /var/catman. (which is what slackware does btw) OpenBSD took another tack on this problem and just did away with cached man pages altogether. (no suid or sgid man) -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpr1_PAtL1ui.pgp
Description: PGP signature