On Sat, Sep 29, 2001 at 02:42:33AM +0100, Carlos Sousa wrote:
> Colin Watson wrote:
> > (can't have been any vaguely recent version of man-db, as none of them
> > run with root privileges ...). man-db can certainly work around it,
>
> my 'man' apparently runs with root privileges:
>
> $ ll /usr/lib/man-db
> total 220
> drwxr-xr-x 2 root root 4096 Sep 26 00:55 ./
> drwxr-xr-x 131 root root 36864 Sep 26 14:33 ../
> -rwxr-xr-x 1 root root 90684 Sep 19 02:20 man* <==
> -rwxr-xr-x 1 root root 70844 Sep 19 02:20 mandb*
> -rwxr-xr-x 1 root root 4328 Sep 19 02:20 wrapper*

No, the binary's just owned by root, and isn't setuid. No problem there.

Oh, I guess man won't be dropping privileges, then, as it's configured
to when it's setuid ... that could explain this bug. Better fix that
before woody releases.

> However, *.gz files are still not created for ordinary users, only for
> root. Doesn't keep me awake at night, but it's a symptom for something
> not right. If man is running as the ordinary user that called it, it
> seems logical that it can't create files in a directory with write
> permission only for user 'man'?...

man needs to be setuid to do that, which is now turned off by default
for security reasons. This is not to say it's necessarily an exploit
waiting to happen; I usually run it setuid myself - but there've been
enough security holes that I felt non-setuid was a safer default.
Unfortunately this means disabling cached preformatted pages by default
too.

If you want to change this, run 'dpkg-reconfigure man-db'.

Cheers,

-- 
Colin Watson [EMAIL PROTECTED]
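
The distinction drawn in the message above (root-owned versus setuid, and who can then write the cache directory), as an added example that is not part of the original thread. The `man*` listing line is taken from the message; the setuid variant, the cache directory line, the directory name `cat1` and the caller name `carlos` are constructed assumptions, and group permissions are ignored.

```python
# Added example: models the permission logic discussed in the message.
# Only MAN_FROM_LISTING comes from the thread; the other lines are constructed.

def parse_ls(line):
    """Split an `ls -l` line into (mode string, owner, name)."""
    fields = line.split()
    return fields[0], fields[2], fields[-1].rstrip("*/")

def is_setuid(mode):
    # ls shows 's' (setuid + execute) or 'S' (setuid, no execute)
    # in the owner-execute slot of the mode string.
    return mode[3] in "sS"

def effective_user(binary_line, caller):
    """User the process runs as after exec: the owner only if setuid is set."""
    mode, owner, _ = parse_ls(binary_line)
    return owner if is_setuid(mode) else caller

def can_write(dir_line, user):
    """Owner/other write check only (assumption: group bits ignored)."""
    mode, owner, _ = parse_ls(dir_line)
    if user == "root":
        return True  # root bypasses the mode bits
    return mode[2] == "w" if user == owner else mode[8] == "w"

def can_cache(binary_line, cache_dir_line, caller):
    """Can man, started by `caller`, store a preformatted page in the cache?"""
    return can_write(cache_dir_line, effective_user(binary_line, caller))

MAN_FROM_LISTING = "-rwxr-xr-x 1 root root 90684 Sep 19 02:20 man*"
MAN_SETUID_MAN = "-rwsr-xr-x 1 man root 90684 Sep 19 02:20 man*"  # constructed
CACHE_DIR = "drwxr-xr-x 2 man root 4096 Sep 26 00:55 cat1/"       # constructed

if __name__ == "__main__":
    cases = (("as listed", MAN_FROM_LISTING), ("setuid man", MAN_SETUID_MAN))
    for label, line in cases:
        for caller in ("carlos", "root"):
            runs_as = effective_user(line, caller)
            ok = can_cache(line, CACHE_DIR, caller)
            print(f"{label:11} caller={caller:7} runs as={runs_as:7} cache writable={ok}")
```

With the binary as listed, only a root caller can write the cache, which matches the symptom reported in the quoted text.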