Bugtraq mailing list archives

Re: SGID man


From: kkto () CSIS HKU HK (Isaac To)
Date: Tue, 3 Aug 1999 15:30:46 +0800


"Solar" == Solar Designer <solar () false com> writes:

    Solar> I wouldn't normally post this, but while we're on the topic...
    Solar> There's an ancient problem with SGID man that I keep seeing on
    Solar> various systems.  For example, on Red Hat 5.2:

This seems to be a very general problem for programs that want to cache
things but don't want to acquire a new userid.  TeX (i.e. MetaFont) comes
close, I think.

    Solar> Solutions?  We could change the permissions on those directories
    Solar> from 775 or 1777 (that's what I've seen on various systems) to
    Solar> 770, so that group man is always required.  However, doing so
    Solar> would break things, as the group is (and should be) dropped for
    Solar> many operations.  Some changes to the way man works would be
    Solar> required to support such restricted permissions.

It seems to be a strange solution to me.  I am disallowed to read a
directory since I own files in it.  Owning such files is
horrible anyway, especially when quota is enabled.

    Solar> A workaround could be to preformat all the man pages as root.
    Solar> Finally, we could move to a SUID man, making the binary immutable
    Solar> (non-portable, not backup friendly).  I don't like any of these.

If your policy is to make every SUID program immutable, being non-portable
is not a problem (whenever you restore a backup, you just make sure every
SUID program becomes immutable before restarting service).  Otherwise, it is
not absolutely necessary for the binary to be immutable.

But yes, it is ugly.  It might be better if any SGID program is also SUID
nobody, and re-acquires real user privilege only when required.  But still,
it is ugly.

    Solar> In my opinion, it is time to stop storing preformatted pages.  It
    Solar> is no longer worth the risk.  CPUs got faster, man pages are the
    Solar> same.

But to stop storing preprocessed fonts is not an option at all.  My Chinese
fonts need hours to get completely processed, and even a regular Chinese
LaTeX source requires half an hour.  Preprocessing all fonts in advance is
feasible only to those who want to spare 1G for that purpose.

Isaac.
