mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-29 12:03:03 +00:00
30843b9337
The catpaging and setuidness features of man(1) combined make it vulnerable to a number of security attacks. Specifically, it was possible to overwrite system catpages with arbitrarily contents by either setting up a symlink to a directory holding system catpages, or by writing custom -mdoc or -man groff(1) macro packages and setting up GROFF_TMAC_PATH in environment to point to them. (See PR below for details). This means man(1) can no longer create system catpages on a regular user's behalf. (It is still able to if the user has write permissions to the directory holding catpages, e.g., user's own manpages, or if the running user is ``root''.) To create and install catpages during ``make world'', please set MANBUILDCAT=YES in /etc/make.conf. To rebuild catpages on a weekly basis, please set weekly_catman_enable="YES" in /etc/periodic.conf. PR: bin/32791 |
||
---|---|---|
.. | ||
include | ||
lib | ||
usr.bin | ||
usr.sbin | ||
COPYING | ||
COPYING.LIB | ||
Makefile |