On Sun, Feb 04, 2001 at 01:48:34AM +0100, Robert van der Meulen wrote:
> Hi,
>
> Quoting StyX ([EMAIL PROTECTED]):
> > styx@SuxOS-devel:~$ man -l %n%n%n%n
> > man: Segmentation fault
> > styx@SuxOS-devel:~$
> >
> > This was on my Debian 2.2 potato system (It doesn't dump core though).
> Just for the record:
> on a lot of systems (including Debian), 'man' is not suid/sgid anything, and
> this doesn't impose a security problem.
> I don't know about Suse/Redhat/others.

This is not correct; on Debian man is suid man and /var/cache/man
(cached preformatted man pages) is owned by user man. It is suid rather
than setgid so users do not end up owning more files in /var.

On Debian /usr/bin/man is really a wrapper program which, when run as
root, does a setuid man before execing /usr/lib/man-db/man. The idea is
to prevent a user man compromise from turning into a root compromise
(compromise user man, replace man binaries, wait for root or cron to run
man/mandb).

$ ls -l /usr/lib/man-db/man*
-rwsr-xr-x 1 man root 94676 Apr 6 2000 /usr/lib/man-db/man
-rwsr-xr-x 1 man root 74168 Apr 6 2000 /usr/lib/man-db/mandb
$

--
Ethan Benson
http://www.alaska.net/~erbenson/
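
The wrapper behaviour described in the message above, sketched as an added example; this is not the man-db source and not part of the original post. The names decide() and drop_privileges() are hypothetical, and the group handling, the uid 0 refusal and the final "cannot regain root" check are assumptions added here (the message mentions only a setuid to man).

```c
#define _DEFAULT_SOURCE          /* for initgroups() */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define REAL_MAN "/usr/lib/man-db/man"   /* path from the listing in the message */
#define MAN_USER "man"

enum action { EXEC_AS_IS, DROP_THEN_EXEC, REFUSE };

/* Only a root caller needs the drop; other users rely on the setuid-man bit
 * of REAL_MAN. Refuse if the "man" account itself maps to uid 0 (assumption). */
enum action decide(uid_t ruid, uid_t euid, uid_t man_uid)
{
    if (ruid != 0 && euid != 0)
        return EXEC_AS_IS;
    return man_uid == 0 ? REFUSE : DROP_THEN_EXEC;
}

/* Permanent drop: supplementary groups, then gid, then uid. The reverse order
 * fails because setgid() needs root. Returns 0 only if root is unrecoverable. */
int drop_privileges(const struct passwd *pw)
{
    if (initgroups(pw->pw_name, pw->pw_gid) != 0) return -1;
    if (setgid(pw->pw_gid) != 0) return -1;
    if (setuid(pw->pw_uid) != 0) return -1;
    if (setuid(0) == 0) return -1;      /* still able to become root */
    return 0;
}

int main(int argc, char **argv)
{
    (void)argc;
    struct passwd *pw = getpwnam(MAN_USER);
    if (pw == NULL) { fprintf(stderr, "no such user: %s\n", MAN_USER); return 1; }

    switch (decide(getuid(), geteuid(), pw->pw_uid)) {
    case REFUSE:
        fprintf(stderr, "%s has uid 0, refusing\n", MAN_USER);
        return 1;
    case DROP_THEN_EXEC:
        if (drop_privileges(pw) != 0) { perror("drop privileges"); return 1; }
        break;
    case EXEC_AS_IS:
        break;
    }
    execv(REAL_MAN, argv);              /* returns only on failure */
    perror("execv " REAL_MAN);
    return 127;
}
```

With this ordering, a man binary that has been replaced by a compromised man account still runs as man, not root, when root or cron invokes the wrapper.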