Subject: Re: Fix for PR security/8069: man(1) vulnerability
To: None <tech-security@netbsd.org>
From: Christoph Badura <bad@oreilly.de>
List: tech-security
Date: 07/26/1999 07:36:02

simonb@netbsd.org (Simon Burge) writes:
>Christoph Badura wrote:
>> daemon:daemon is there precisely for that purpose.

>Some things are user and/or group daemon - don't we want something
>that _no_ file or directory is owned by?

Yes, we do.

>	balrog:~ 5280> grep daemon /NetBSD/src/etc/mtree/NetBSD.dist
>	msgs            uname=daemon
>	lock            uname=uucp gname=daemon
>	uucp            uname=uucp gname=daemon
>	uucppublic      uname=uucp gname=daemon mode=01777

At least the last three are gname=uucp on sane systems.  I'm sure we could find
a suitable owner for msgs too.

-- 
Christoph Badura					www.netbsd.org

	Anything that can be done in O(N) can be done in O(N^2).
	-- Ralf Schuettau (after looking at a particular piece of code)