On Sun, Feb 04, 2001 at 01:48:34AM +0100, Robert van der Meulen wrote:
> Hi,
>
> Quoting StyX (styxMAILBOX.AS):
> > styxSuxOS-devel:~$ man -l %n%n%n%n
> > man: Segmentation fault
> > styxSuxOS-devel:~$
> >
> > This was on my Debian 2.2 potato system (It doesn't dump core though).
> Just for the record:
> on a lot of systems (including Debian), 'man' is not suid/sgid anything, and
> this doesn't impose a security problem.
> I don't know about Suse/Redhat/others.

This is not correct, on debian man is suid man and /var/cache/man
(cached preformatted man pages) is owned by user man. It is suid
rather then setgid so users do not end up owning more files in /var.

on debian /usr/bin/man is really a wrapper program which when run as
root does a setuid man before execing /usr/lib/man-db/man. The idea
is to prevent a user man compromise from turning into a root
compromise. (compromise user man, replace man binaries, wait for root
or cron to run man/mandb)

$ ls -l /usr/lib/man-db/man*
-rwsr-xr-x 1 man root 94676 Apr 6 2000 /usr/lib/man-db/man
-rwsr-xr-x 1 man root 74168 Apr 6 2000 /usr/lib/man-db/mandb
$

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjp+QuAACgkQJKx7GixEevx3mQCdHcal/va+li1PnWthNOKQixmb vR0An0Ut/xWY9t1ad45V9jEzBjNdnZ3M =r2C7 -----END PGP SIGNATURE-----

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]