On Mon, Feb 05, 2001 at 11:17:28PM +0100, Roman Drahtmueller wrote:

> SuSE ships the /usr/bin/man command suid man.
> 
> After exploiting the man command format string vulnerability, the attacker
> can then replace the /usr/bin/man binary with an own program - since the
> man command is supposed to be used frequently (especially for administrators),
> this imposes a rather high security risk, which deserves some due respect.
> 
> We'll provide update packages shortly.

The solution FreeBSD uses is to set the schg flag on /usr/bin/man -
this flag can only be set and removed by root, and prevents a
compromise of the man user from overwriting the binary.

FWIW, I don't think FreeBSD has the man problem.

Kris

PGP signature

Reply via email to