Patch-ID# 107156-01
Keywords: security man whatis apropos
Synopsis: SunOS 4.1.3_U1: man command security fix
Date: Nov/17/99

Solaris Release: 1.1.1

SunOS Release: 4.1.3_U1

Unbundled Product: 

Unbundled Release: 

Relevant Architectures: sun4(all)

BugId's fixed with this patch: 4154565

Changes incorporated in this version: 

Patches accumulated and obsoleted by this patch: 

Patches which conflict with this patch: 

Patches required with this patch: 

Obsoleted by: 

Files included with this patch:  man

Problem Description: 

4154565 man command's use of temp files poses security risk

Patch Installation Instructions: 

Note: /usr/ucb/man is linked to /usr/ucb/whatis and
      /usr/ucb/apropos.  This man binary patch produces
      new whatis and apropos files.

1) As root, save copies of the original man, whatis
   and apropos files:

   mv /usr/ucb/man /usr/ucb/man.fcs
   chmod 600 /usr/ucb/man.fcs
   mv /usr/ucb/whatis /usr/ucb/whatis.fcs
   chmod 600 /usr/ucb/whatis.fcs
   mv /usr/ucb/apropos /usr/ucb/apropos.fcs
   chmod 600 /usr/ucb/apropos.fcs
 
2) Copy the new man file from the patch directory:
   cp man /usr/ucb
   chown root.staff /usr/ucb/man
   chmod 755 /usr/ucb/man
   ln /usr/ucb/man /usr/ucb/apropos
   ln /usr/ucb/man /usr/ucb/whatis
