Re: Error in default /etc/man.config


Subject: Re: Error in default /etc/man.config
From: Dan Burcaw (dburcaw@terraplex.com)
Date: Thu Mar 16 2000 - 20:28:54 MST


Ok, simple fix. What I wonder.. is why Red Hat did this.
I shall find out shortly...

> Rich,
>
> Send me a patch'd, working man.config and I'll verify it works and do an
> errata update. This problem is just plain yuckish ;)
>
> > Hullo, all.
> >
> > I noticed a problem with the default /etc/man.config in
> > CS-1.2. There's no entry for $CAT in man.config; this means that any
> > uncompressed manpages on your system will be executed. man -d shows
> > that man executes:
> >
> > (cd /usr/man ; (echo -e ".pl 1100i"; $CAT /path/to/uncompressed/manpage.n;
> > echo ".pl \n(nlu+10") | $TBL | $NROFF | $COMPRESS > /var/catman/catn/manpage.n.gz)
> >
> > leaving $CAT blank as in the default configuration gives
> >
> > (cd /usr/man ; (echo -e ".pl 1100i"; /path/to/uncompressed/manpage.n;
> > echo ".pl \n(nlu+10") | $TBL | $NROFF | $COMPRESS > /var/catman/catn/manpage.n.gz)
> >
> > which, obviously, is trying to run /path/to/uncompressed/manpage.
> >
> > Small annoyance: Any uncompressed manpages won't be viewable.
> >
> > Larger annoyance: Programs ending up in manual directories will be
> > executed. Luckily, man drops privileges by this point; but even still,
> > if a user has "." in their path, then man will happily check ./man/*
> > for manual pages.
> >
> > Chance of being exploited is rare, but the obvious one seems to be
> > making /tmp/man/* for things that don't have manual pages, or common
> > misspellings -- i.e., values of foo where you expect people to type
> > 'man foo' and there is no manpage for foo -- where each "manual page"
> > is a shell script that makes a setuid-that-user shell somewhere.
> >
> > -Rich
> >
> > --
> > ------------------------------ Rich Lafferty ---------------------------
> > Sysadmin/Programmer, Instructional and Information Technology Services
> > Concordia University, Montreal, QC (514) 848-7625
> > ------------------------- rich@alcor.concordia.ca ----------------------
> >
> >
>
> Regards,
> Dan
>
> Terra Soft Solutions, Inc.
> Yellow Dog Linux
> "The Ultimate Companion for a Dedicated Server"
> http://www.yellowdoglinux.com/
>
> Black Lab Linux
> Advanced Workstations and Parallel Solutions
> http://www.blacklablinux.com/
>
>

Regards,
Dan

Terra Soft Solutions, Inc.
 Yellow Dog Linux
 "The Ultimate Companion for a Dedicated Server"
 http://www.yellowdoglinux.com/
 
 Black Lab Linux
 Advanced Workstations and Parallel Solutions
 http://www.blacklablinux.com/



This archive was generated by hypermail 2a24 : Sun Apr 02 2000 - 21:05:02 MDT
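
The following audit script is an added example, not part of the original thread or of any vendor errata. It checks a man.config for helper programs that are missing or have no value (the empty-`$CAT` condition reported above) and lists uncompressed files with an execute bit under a manual tree. It assumes the config directives are named like the variables in the quoted pipeline (`CAT`, `TBL`, `NROFF`, `COMPRESS`); the function names and sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit for the empty-$CAT condition described in the thread.

# Print the value of directive $2 in config file $1 (empty if absent or valueless).
directive_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                       # skip comment lines
        $1 == key  { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Echo the names of pipeline helpers that would expand to nothing.
# An empty CAT is what turns "$CAT page" into "page" run as a command.
missing_helpers() {
    cfg=$1
    missing=""
    for key in CAT TBL NROFF COMPRESS; do
        [ -n "$(directive_value "$cfg" "$key")" ] || missing="$missing $key"
    done
    echo "${missing# }"
}

# List uncompressed files under man tree $1 that carry any execute bit.
# These are the files the broken pipeline would run instead of display.
executable_pages() {
    find "$1" -type f \
        ! -name '*.gz' ! -name '*.bz2' ! -name '*.Z' \
        \( -perm -100 -o -perm -010 -o -perm -001 \) 2>/dev/null
}

# Constructed sample input: a config with the CAT line absent, as reported.
demo=$(mktemp -d)
printf 'TBL\t/usr/bin/gtbl\nNROFF\t/usr/bin/groff -Tlatin1 -mandoc\nCOMPRESS\t/bin/gzip\n' \
    > "$demo/man.config"
echo "helpers with no value: $(missing_helpers "$demo/man.config")"
rm -rf "$demo"
```

On a real system, point `missing_helpers` at `/etc/man.config` and run `executable_pages` over each manual directory man searches, including any relative `./man` the thread mentions.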