On Wed, Jan 03, 2001 at 11:53:37PM -0800, Joey Hess wrote: > Ethan Benson wrote: > > the problem with this is you end up with the catman files owned by > > whatever user reads whatever man page. personally as a sysadmin i > > don't want users gaining write permission to files in any more places > > under /var then there already is (ahem texmf). i am not certain if > > there is potential security threats to users being able to write bogus > > catman files, perhaps via groff tricks there is. > > I'll bet (have not verified) that you can already trick it into writing > bogus file by sticking trojan pages elsewhere in your manpath. i just tried it, did not end up with a cached file. [eb@socrates eb]$ export MANPATH=/home/eb/test [eb@socrates eb]$ find /var/cache/man -name 'bogus*' [eb@socrates eb]$ ls -l /home/eb/test/man8/ total 8 -rw-r--r-- 1 eb eb 5193 Jan 3 23:03 bogus.8 [eb@socrates eb]$ man bogus Reformatting bogus(8), please wait... ... [eb@socrates eb]$ find /var/cache/man -name 'bogus*' it also doesn't cache anything when pointing man directly at a specific man page: [eb@socrates eb]$ find /var/cache/man -name 'yaboot*' [eb@socrates eb]$ man devel/ybin/man/yaboot.8 Reformatting yaboot.8, please wait... ... [eb@socrates eb]$ find /var/cache/man -name 'yaboot*' [eb@socrates eb]$ and yes my caching does work as you can see for a normal man page: [eb@socrates eb]$ man yaboot Reformatting yaboot(8), please wait... ... [eb@socrates eb]$ find /var/cache/man -name 'yaboot*' /var/cache/man/cat8/yaboot.8.gz -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgp7seqdTGqR9.pgp
Description: PGP signature