Control: tag -1 fixed-upstream On Thu, Jun 07, 2018 at 04:41:00PM -0700, Josh Triplett wrote: > man(1) documents: > > A formatting pipeline is formed from the filters and the primary > > formatter (nroff or [tg]roff with -t) and executed. Alternatively, if > > an executable program mandb_nfmt (or mandb_tfmt with -t) exists in the > > man tree root, it is executed instead. It gets passed the manual > > source file, the preprocessor string, and optionally the device > > specified with -T or -E as arguments. > > However, careful checking of strace shows that man looks for mandb_nfmt > in the current directory, not in /usr/share/man. *Fortunately*, if > found, it then attempts to *execute* "cd /usr/share/man && ./mandb_nfmt > ...", so this doesn't appear to open a security hole. Still, this does > seem like a bug.
Thanks. Indeed it is. I introduced it in 2.8.3 during a refactoring. Fixed now: https://git.savannah.gnu.org/cgit/man-db.git/commit/?id=1bab0c3a5d9727c12903055a88825ea6d3e2c361 > While investigating this, I also found that something in the man > pipeline appears to look for a file named "-" in the current directory. > Try "touch ./-" , then run "man man" under strace -f and look for a stat > of "-" in the trace. This is a bug in less. Can you file it there separately? You can reproduce it like this: echo | strace -otrace less fgrep '"-"' trace -- Colin Watson [cjwat...@debian.org]
