Bug#1029913: Fwd: Bug#1029913: texlive-pictures: /usr/share/texlive/texmf-dist/scripts/epspdf/epspdf.tlu: /tmp write vulnerability
Siep Kroonenberg wrote:
> The problem was that the test was specifically for a file rather
> than for any filesystem item.
>
> In the updated TL package, the test has been removed altogether
> since there was already a later test for successful generation of a
> temp subdirectory.
>
> The updated package is now available as both a CTAN package and a TL
> package.
I tried it, and it fixes the problem as I reported.
Of course, chdir into /tmp is a bit risky as any file creation
before the next chdir would be susceptible to the same problem, but
I assume you made sure this won't happen.
BTW, when I looked at the changes made, I noticed this:
io.stdout:write('cannot cd into '..d..'\n')
I don't know much about Lua conventions, but normally I'd expect
such messages to be written to stderr, not stdout.
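An added illustration of the two points above (it is not code from the bug report or from epspdf, and it is written in Python rather than texlua because the filesystem semantics are the point): a check that only asks "is there a regular file in the way?" lets a pre-planted symlink or directory through, so a later write under the predictable path lands wherever the attacker pointed it, whereas creating the directory atomically and treating failure as fatal rejects anything that already exists. The name "epspdf-tmp" and the scratch directories are constructed stand-ins for /tmp and a victim directory, not epspdf's real paths; the demo assumes a POSIX system where unprivileged users can create symlinks.

```python
import os
import shutil
import tempfile

# Constructed stand-in for a predictable temp name under /tmp (not epspdf's real name).
PREDICTABLE_NAME = "epspdf-tmp"


def make_scratch():
    """Create a private stand-in for /tmp plus a directory playing the attacker's target."""
    scratch = tempfile.mkdtemp(prefix="demo-tmp-")
    target = tempfile.mkdtemp(prefix="demo-victim-")
    return scratch, target


def plant_symlink(scratch, target):
    """Attacker step: pre-create the predictable path as a symlink to a directory of their choice."""
    path = os.path.join(scratch, PREDICTABLE_NAME)
    os.symlink(target, path)
    return path


def flawed_check_passes(path):
    """A test that only refuses to proceed when a *regular file* is in the way.

    A symlink to a directory, or a plain directory, is not a regular file,
    so this returns True and the script carries on.
    """
    return not os.path.isfile(path)


def write_via_flawed_flow(path):
    """Script logic guarded only by the flawed check: treat `path` as the temp dir
    and drop a work file in it. Returns the real location of the file created."""
    if not flawed_check_passes(path):
        return None
    if not os.path.isdir(path):      # isdir() follows the symlink, so no mkdir happens
        os.mkdir(path)
    out = os.path.join(path, "work.eps")
    with open(out, "w") as fh:
        fh.write("%!PS-Adobe-3.0 EPSF-3.0\n")
    return os.path.realpath(out)     # resolves through the symlink to the attacker's target


def atomic_mkdir(path):
    """Fixed approach: let mkdir fail if *anything* already exists at the path.

    mkdir(2) does not follow a symlink at the final component and returns EEXIST
    for files, directories and (even dangling) symlinks alike, so there is no
    check-then-create window to race.
    """
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        return False
    return True


def demo():
    """Run the attacker-plants-symlink scenario against both checks; returns plain booleans."""
    scratch, target = make_scratch()
    try:
        path = plant_symlink(scratch, target)
        leaked = write_via_flawed_flow(path)
        leaked_into_target = (
            leaked is not None
            and os.path.dirname(leaked) == os.path.realpath(target)
        )
        rejected = not atomic_mkdir(path)
        # Unpredictable name: nothing can be planted at it in advance.
        safe_dir = tempfile.mkdtemp(dir=scratch)
        safe_dir_private = (os.stat(safe_dir).st_mode & 0o077) == 0
    finally:
        shutil.rmtree(scratch, ignore_errors=True)
        shutil.rmtree(target, ignore_errors=True)
    return {
        "flawed_check_let_symlink_through": leaked_into_target,
        "atomic_mkdir_rejected_planted_path": rejected,
        "mkdtemp_dir_is_private": safe_dir_private,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The same reasoning applies to the chdir concern raised above: after `chdir("/tmp")`, every relative path the script opens is resolved under a world-writable directory, so the only safe pattern is to create an unpredictable, mode-0700 subdirectory first (the equivalent of `tempfile.mkdtemp` here), abort if that creation fails, and only then change into it.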