Darren Moffat <Darren.Moffateng.sun.com> writes:
> I'm having a hard time working out why the man command is setuid to any
> user.
>
> Exactly what is it that man MUST do to perform the job of turning nroff
> man pages into viewable text ?

Isn't it an issue with caching that viewable text in catN directories? If
the catN directories are mode 777, people can put in "Trojaned" man pages
that tell users to do harmful things. If they're mode 1777, a user viewing
a new version of the man page for <program> won't be able to replace the
copy of <program>.1 some other user put in the cat1 directory 5 years ago.

Thus the setuid man solution.

Now, one could certainly argue that with today's processor and disk speeds,
caching nroff results is no longer a significant savings.

----------------------------------------------------------------------
Dan Harkless | To prevent SPAM contamination, please
dan-bugtraqdilvish.speed.net | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts. Thank you.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]