Re: Error in default /etc/man.config


From: Dan Burcaw (dburcaw@terraplex.com)
Date: Wed Mar 15 2000 - 10:22:00 MST


Rich,

Send me a patch'd, working man.config and I'll verify it works and do an
errata update. This problem is just plain yuckish ;)

> Hullo, all.
>
> I noticed a problem with the default /etc/man.config in
> CS-1.2. There's no entry for $CAT in man.config; this means that any
> uncompressed manpages on your system will be executed. man -d shows
> that man executes:
>
> (cd /usr/man ; (echo -e ".pl 1100i"; $CAT /path/to/uncompressed/manpage.n;
> echo ".pl \n(nlu+10") | $TBL | $NROFF | $COMPRESS > /var/catman/catn/manpage.n.gz)
>
> leaving $CAT blank as in the default configuration gives
>
> (cd /usr/man ; (echo -e ".pl 1100i"; /path/to/uncompressed/manpage.n;
> echo ".pl \n(nlu+10") | $TBL | $NROFF | $COMPRESS > /var/catman/catn/manpage.n.gz)
>
> which, obviously, is trying to run /path/to/uncompressed/manpage.
>
> Small annoyance: Any uncompressed manpages won't be viewable.
>
> Larger annoyance: Programs ending up in manual directories will be
> executed. Luckily, man drops privileges by this point; but even still,
> if a user has "." in their path, then man will happily check ./man/*
> for manual pages.
>
> Chance of being exploited is rare, but the obvious one seems to be
> making /tmp/man/* for things that don't have manual pages, or common
> misspellings -- i.e., values of foo where you expect people to type
> 'man foo' and there is no manpage for foo -- where each "manual page"
> is a shell script that makes a setuid-that-user shell somewhere.
>
> -Rich
>
> --
> ------------------------------ Rich Lafferty ---------------------------
> Sysadmin/Programmer, Instructional and Information Technology Services
> Concordia University, Montreal, QC (514) 848-7625
> ------------------------- rich@alcor.concordia.ca ----------------------
>
>

Regards,
Dan

Terra Soft Solutions, Inc.
 Yellow Dog Linux
 "The Ultimate Companion for a Dedicated Server"
 http://www.yellowdoglinux.com/
 
 Black Lab Linux
 Advanced Workstations and Parallel Solutions
 http://www.blacklablinux.com/
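
Added example, not part of the original thread and not code from the man package: a shell check for the condition reported above, where a helper such as CAT has no usable entry in man.config. It assumes the file uses whitespace-separated `KEY command` lines; the function names `audit_man_config` and `path_has_dot` are hypothetical, and `/bin/sh` stands in for real helper paths in the constructed sample.

```shell
#!/bin/sh
# Added example (not from the original thread): audit a man.config-style file
# for helper entries that are missing or empty, as CAT was in the report above.

# audit_man_config FILE [KEY...]
# Prints one line per problem; returns 0 when every key is usable, 1 otherwise.
audit_man_config() {
    conf=$1; shift
    [ $# -gt 0 ] || set -- CAT TBL NROFF COMPRESS   # helpers in the quoted pipeline
    rc=0
    for key in "$@"; do
        # Field 2 of the first line whose first field is KEY ('#' lines never match).
        cmd=$(awk -v k="$key" '$1 == k { print $2; hit = 1; exit }
                               END { if (!hit) print "<none>" }' "$conf")
        case $cmd in
            "<none>") echo "$key: no entry"; rc=1 ;;
            "")       echo "$key: entry has no command"; rc=1 ;;
            /*)       [ -x "$cmd" ] || { echo "$key: $cmd is not executable"; rc=1; } ;;
            *)        echo "$key: $cmd is not an absolute path"; rc=1 ;;
        esac
    done
    return $rc
}

# path_has_dot PATHSTRING: succeeds when "." is a PATH element, the condition
# under which the report says man also searches ./man/*.
path_has_dot() {
    case ":$1:" in *:.:*) return 0 ;; esac
    return 1
}

# Constructed sample input: a config fragment with CAT left out.
# /bin/sh stands in for the real helper paths so the demo runs anywhere.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'TBL /bin/sh' 'NROFF /bin/sh -x' \
    'COMPRESS /bin/sh' > "$sample"
audit_man_config "$sample" || true      # prints "CAT: no entry"
path_has_dot "$PATH" && echo 'PATH contains "."'
rm -f "$sample"
```

Run against a real file as `audit_man_config /etc/man.config`; a non-zero exit status means at least one helper entry needs fixing.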



This archive was generated by hypermail 2a24 : Sun Apr 02 2000 - 21:05:02 MDT