Bug 18668
| Summary: | users may control contents of catman pages | | |
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Tim <tim_r> |
| Component: | man | Assignee: | Bernhard Rosenkraenzer <bero> |
| Status: | CLOSED WONTFIX | QA Contact: | Aaron Brown <abrown> |
| Severity: | medium | Priority: | medium |
| Version: | 6.2 | Keywords: | Security |
| Hardware: | All | OS: | Linux |
| Doc Type: | Bug Fix | Last Closed: | 2000-10-09 02:59:19 UTC |
Description
Tim
2000-10-09 02:59:14 UTC
This is impossible to fix. Since the file is generated as user, it is always writeable by that user. The only possibility to fix this would be making man setuid root, which would enable much, much bigger security issues. If you want to be sure nobody plays with the catman pages, use man -c or disable catman pages in /etc/man.conf.

s/man.conf/man.config/
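
An administrator's check for the condition described in the reply above, as an added example that is not part of the original bug report: it lists entries in a cat page cache that an account other than a trusted one could have written. The function name `audit_catpages`, the directory argument and the trusted uid are assumptions made for illustration; pass the cat directory your own system uses.

```shell
#!/bin/sh
# Added example (not from the bug report): audit a cat page cache.
# Assumptions: the caller supplies the cache directory and the numeric uid
# of the only account that should own or modify cached pages.

# audit_catpages DIR TRUSTED_UID
# Prints one path per line for every file or directory under DIR that is
#   - not owned by TRUSTED_UID, or
#   - writable by group, or
#   - writable by others.
# A preformatted page matching any of these could have been written or
# replaced by an ordinary user, so its contents should not be trusted.
audit_catpages() {
    dir=$1
    trusted_uid=$2

    # Nothing to report when the cache directory does not exist
    # (for example when cat pages are disabled in the man configuration).
    [ -d "$dir" ] || return 0

    find "$dir" \( -type f -o -type d \) \
        \( ! -user "$trusted_uid" -o -perm -020 -o -perm -002 \) \
        -print
}

# Example call (directory is a placeholder, adjust to the local layout):
#   audit_catpages /path/to/cat/dir 0
```

An empty result means every cached page and directory is owned by the trusted uid and is not group- or world-writable; any path printed is a candidate for removal and regeneration with `man -c`.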