On Fri, Mar 25, 2016 at 03:20:05PM +0100, Ingo Schwarze wrote: > Hi Craig, > > Craig Skinner wrote on Wed, Mar 23, 2016 at 10:07:10AM +0000: > > On 2016-03-22 Tue 22:49 PM |, Bob Beck wrote: > > >> A few years back, Ingo moved it to the new mandoc based man.cgi, and > >> now we've actually moved this to a dedicated place - "man.openbsd.org" > > > Superb. > > > > What's next? > > > > $ ssh gu...@man.openbsd.org > > > > Welcome guest user to OpenBSD's online manual library. > > > > The only command available is 'man'. > > > > (For help; type 'man man[ENTER]'.) > > > > $ > > Sounds like a bad idea to me. The man(1) utility spawns less(1), > and less can spawn editors and shells. So that is hard to secure. > > Even if it could be secured, i don't like the idea of handing out > SSH access to an OpenBSD web server to the general public. A web > server is always a fragile beast, and attack surface ought to be > minimized. > > Even if it could the secured and even if there weren't concerns > about expanding attack surface, it doesn't look like it could be > worth the effort. I don't think there are many people out there > expecting to find public information on the Internet on anonymous > SSH servers rather than on WWW servers, so it's not likely the > service would see much real-world use. > > And even if there were a few people who would use it, i don't > quite see how it would be better for them than what we already > have. I mean, http://man.openbsd.org/ works with text browsers > on text-only terminals. >
maybe we could provide MaaS (man as a service, copyright eric@) if user issues `man` and the man page is not found locally, man would transparently ssh to gu...@man.openbsd.org ? -- Gilles Chehade https://www.poolp.org @poolpOrg
