Control: tag -1 fixed-upstream

On Sun, Jun 24, 2018 at 05:01:32PM +0100, Colin Watson wrote:
> I'm not yet sure what the best solution is.  Fiddling about with SHELL
> is obviously brittle.  I could change man to call groff directly rather
> than nroff, which would avoid the problem, but that's also brittle as it
> depends on the implementation language.  I suspect that I'll just have
> to allow sockets in the seccomp sandbox, and maybe rely on AppArmor to
> limit the potential damage.

I recently committed
https://git.savannah.gnu.org/cgit/man-db.git/commit/?id=3a084ddeea0f99f8984e51946f28f3d81579dee4
upstream, and I just realised that that fixes this problem: the attempt
to create a socket now returns EPERM, and glibc recovers gracefully from
that and continues.  So this will be fixed in the next upstream release.

-- 
Colin Watson                                       [cjwat...@debian.org]
