Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.2 9/18/84; site phri.UUCP Path: utzoo!watmath!clyde!burl!ulysses!mhuxr!mhuxn!ihnp4!pesnta!phri!roy From: roy@phri.UUCP (Roy Smith) Newsgroups: net.bugs.4bsd Subject: Man(1) makes "cat" files with wrong mode and ownership Message-ID: <2093@phri.UUCP> Date: Sun, 29-Dec-85 22:24:06 EST Article-I.D.: phri.2093 Posted: Sun Dec 29 22:24:06 1985 Date-Received: Tue, 31-Dec-85 00:22:06 EST Distribution: net Organization: Public Health Research Inst. (NY, NY) Lines: 46 Index: ucb/man.c 4.2BSD ucb/Makefile 4.2BSD Description: When you run "man x" and the cat file has to be made, it is left with mode 0666, and owned by whoever happened to run man. This was noticed one day when "man sh" produced neither output nor error message. On investigation, it was found that /usr/man/cat1/sh.1 was 0 length; some curious person must have tried to do something like "cat > /usr/man/cat1/sh.1" Repeat-By: rm /usr/man/cat1/sh.1 man sh ls -l /usr/man/cat1/sh.1 Fix: Install the following 2-line patch. Also, change the Makefile so man is installed set-uid. I'll leave it to other, smarter, brains to figure out if this opens up any security loopholes. *** /usr/src/ucb/man.c.old Sun Sep 25 21:05:27 1983 --- /usr/src/ucb/man.c Sun Dec 29 21:57:25 1985 *************** *** 256,263 fflush(stdout); unlink(work2); sprintf(cmdbuf, ! "%s %s > /tmp/man%d; trap '' 1 15; mv /tmp/man%d %s", ! NROFFCAT, work, getpid(), getpid(), work2); if (system(cmdbuf)) { printf(" aborted (sorry)\n"); remove(); --- 256,263 ----- fflush(stdout); unlink(work2); sprintf(cmdbuf, ! "%s %s > /tmp/man%d; trap '' 1 15;mv /tmp/man%d %s;chmod o-w %s;chown root %s", ! NROFFCAT, work, getpid(), getpid(), work2, work2, work2); if (system(cmdbuf)) { printf(" aborted (sorry)\n"); remove(); -- Roy Smith System Administrator, Public Health Research Institute 455 First Avenue, New York, NY 10016