Patch-ID# 107156-01 Keywords: security man whatis apropos Synopsis: SunOS 4.1.3_U1: man command security fix Date: Nov/17/99 Solaris Release: 1.1.1A SunOS Release: 4.1.3_U1A Unbundled Product: Unbundled Release: Relevant Architectures: sparc NOTE: sun4(all) BugId's fixed with this patch: 4154565 Changes incorporated in this version: Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: man Problem Description: 4154565 man command's use of temp files poses security risk Patch Installation Instructions: Note: /usr/ucb/man is linked to /usr/ucb/whatis and /usr/ucb/apropos. This man binary patch produces new whatis and apropos files. 1) As root, save copies of the original man, whatis and apropos files: mv /usr/ucb/man /usr/ucb/man.fcs chmod 600 /usr/ucb/man.fcs mv /usr/ucb/whatis /usr/ucb/whatis.fcs chmod 600 /usr/ucb/whatis.fcs mv /usr/ucb/apropos /usr/ucb/apropos.fcs chmod 600 /usr/ucb/apropos.fcs 2) Copy the new man file from the patch directory: cp man /usr/ucb chown root.staff /usr/ucb/man chmod 755 /usr/ucb/man ln /usr/ucb/man /usr/ucb/apropos ln /usr/ucb/man /usr/ucb/whatis