Bug#171946: tetex-base: a+w dirs in /usr

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#171946: tetex-base: a+w dirs in /usr
From: Anthony DeRobertis <asd@suespammers.org>
Date: Fri, 06 Dec 2002 01:39:22 -0500
Message-id: <[🔎] E18KC8w-00025y-00@bohr.local>
Reply-to: Anthony DeRobertis <asd@suespammers.org>, 171946@bugs.debian.org

Package: tetex-base
Version: 1.0.2+20011202-3
Severity: serious
File: /usr/share/texmf/fonts
Tags: security
Justification: Policy 10.1.1; FHS 4; Policy 11.9

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

/usr is for static data. Arbitrary users should not be allowed to place
files there. Allowing it has problems like defeating quotas (who puts
quotas on /usr?). Also, there may be good TeX reasons for not allowing
arbitrary additions to those directories.

Here is a list of directories in /usr that are writable by users on my system.
All come from tetex or tetex related packages:
	$ find /usr -type d -perm +o+w
	/usr/share/texmf/fonts
	/usr/share/texmf/fonts/source/jknappen
	/usr/share/texmf/fonts/source/jknappen/sauter
	/usr/share/texmf/fonts/source/jknappen/tc
	/usr/share/texmf/fonts/source/jknappen/ec
	/usr/share/texmf/fonts/source/public/cs
	/usr/share/texmf/fonts/source/lh
	/usr/share/texmf/fonts/source/lh/specific
	/usr/share/texmf/fonts/source/lh/base
	/usr/share/texmf/fonts/source/lh/lh-lcy
	/usr/share/texmf/fonts/source/lh/lh-ot2
	/usr/share/texmf/fonts/source/lh/lh-t2a
	/usr/share/texmf/fonts/source/lh/lh-t2b
	/usr/share/texmf/fonts/source/lh/lh-t2c
	/usr/share/texmf/fonts/source/lh/lh-x2
	/usr/share/texmf/fonts/source/lh/nont2
	/usr/share/texmf/fonts/source/lh/lh-t2d
	/usr/share/texmf/fonts/tfm
	/usr/share/texmf/fonts/tfm/public
	/usr/share/texmf/fonts/tfm/public/latex
	/usr/share/texmf/fonts/tfm/public/cm
	/usr/share/texmf/fonts/tfm/public/concrete
	/usr/share/texmf/fonts/tfm/public/misc
	/usr/share/texmf/fonts/tfm/public/mflogo
	/usr/share/texmf/fonts/tfm/public/rsfs
	/usr/share/texmf/fonts/tfm/public/gothic
	/usr/share/texmf/fonts/tfm/public/pandora
	/usr/share/texmf/fonts/tfm/public/wasy
	/usr/share/texmf/fonts/tfm/public/mathpple
	/usr/share/texmf/fonts/tfm/public/cmextra
	/usr/share/texmf/fonts/tfm/public/bbold
	/usr/share/texmf/fonts/tfm/public/bbm
	/usr/share/texmf/fonts/tfm/public/xypic
	/usr/share/texmf/fonts/tfm/public/concmath
	/usr/share/texmf/fonts/tfm/public/euxm
	/usr/share/texmf/fonts/tfm/public/marvosym
	/usr/share/texmf/fonts/tfm/public/omega
	/usr/share/texmf/fonts/tfm/public/ae
	/usr/share/texmf/fonts/tfm/public/stmaryrd
	/usr/share/texmf/fonts/tfm/public/cmcyr
	/usr/share/texmf/fonts/tfm/public/cc-pl
	/usr/share/texmf/fonts/tfm/public/pl
	/usr/share/texmf/fonts/tfm/public/cs
	/usr/share/texmf/fonts/tfm/public/ecc
	/usr/share/texmf/fonts/tfm/public/vcm
	/usr/share/texmf/fonts/tfm/public/vnr
	/usr/share/texmf/fonts/tfm/public/antp
	/usr/share/texmf/fonts/tfm/public/antt
	/usr/share/texmf/fonts/tfm/public/pazo
	/usr/share/texmf/fonts/tfm/public/qfonts
	/usr/share/texmf/fonts/tfm/yandy
	/usr/share/texmf/fonts/tfm/yandy/mathtime
	/usr/share/texmf/fonts/tfm/yandy/mathplus
	/usr/share/texmf/fonts/tfm/yandy/symbol
	/usr/share/texmf/fonts/tfm/yandy/times
	/usr/share/texmf/fonts/tfm/yandy/courier
	/usr/share/texmf/fonts/tfm/yandy/mathpi
	/usr/share/texmf/fonts/tfm/yandy/zapfding
	/usr/share/texmf/fonts/tfm/yandy/lubright
	/usr/share/texmf/fonts/tfm/yandy/lucida
	/usr/share/texmf/fonts/tfm/yandy/lucidfax
	/usr/share/texmf/fonts/tfm/yandy/lucsans
	/usr/share/texmf/fonts/tfm/yandy/lumath
	/usr/share/texmf/fonts/tfm/ams
	/usr/share/texmf/fonts/tfm/ams/cyrillic
	/usr/share/texmf/fonts/tfm/ams/euler
	/usr/share/texmf/fonts/tfm/ams/symbols
	/usr/share/texmf/fonts/tfm/ams/cmextra
	/usr/share/texmf/fonts/tfm/hoekwater
	/usr/share/texmf/fonts/tfm/hoekwater/context
	/usr/share/texmf/fonts/tfm/bh
	/usr/share/texmf/fonts/tfm/bh/helvetic
	/usr/share/texmf/fonts/tfm/bh/lubright
	/usr/share/texmf/fonts/tfm/bh/lucida
	/usr/share/texmf/fonts/tfm/bh/lucidfax
	/usr/share/texmf/fonts/tfm/bh/lucsans
	/usr/share/texmf/fonts/tfm/bh/lumath
	/usr/share/texmf/fonts/tfm/bh/wingding
	/usr/share/texmf/fonts/tfm/cg
	/usr/share/texmf/fonts/tfm/cg/albertus
	/usr/share/texmf/fonts/tfm/cg/atqolive
	/usr/share/texmf/fonts/tfm/cg/clarendo
	/usr/share/texmf/fonts/tfm/cg/coronet
	/usr/share/texmf/fonts/tfm/cg/courier
	/usr/share/texmf/fonts/tfm/cg/garamond
	/usr/share/texmf/fonts/tfm/cg/lettrgth
	/usr/share/texmf/fonts/tfm/cg/marigold
	/usr/share/texmf/fonts/tfm/cg/optima
	/usr/share/texmf/fonts/tfm/cg/times
	/usr/share/texmf/fonts/tfm/cg/univers
	/usr/share/texmf/fonts/tfm/monotype
	/usr/share/texmf/fonts/tfm/monotype/helvetic
	/usr/share/texmf/fonts/tfm/monotype/symbol
	/usr/share/texmf/fonts/tfm/monotype/timesnew
	/usr/share/texmf/fonts/tfm/jp
	/usr/share/texmf/fonts/tfm/pxr
	/usr/share/texmf/fonts/tfm/jknappen
	/usr/share/texmf/fonts/tfm/jknappen/ec
	/usr/share/texmf/fonts/tfm/jknappen/tc
	/usr/share/texmf/fonts/tfm/txr

- -- System Information
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux bohr 2.4.16 #2 SMP Wed Nov 28 05:25:00 EST 2001 i686
Locale: LANG=en_US, LC_CTYPE=en_US

Versions of packages tetex-base depends on:
ii  dpkg                          1.10.4     Package maintenance system for Deb
ii  texinfo                       4.2-1      Documentation system for on-line i

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE98EYc+z+IwlXqWf4RAnDHAJwJLMantfO6wB51TvegwIas0jkMfgCeMH5/
xvVh0itb5Q0CWYWyTourzfU=
=Wnbj
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Bug#171946: tetex-base: a+w dirs in /usr
  - From: Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>
- Bug#171946: marked as done (tetex-base: a+w dirs in /usr)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#170969: tetex-bin: Cannot create new fonts
Next by Date: Bug#171912: tetex-bin: (Fatal format file error; I'm stymied)
Previous by thread: Processed: Bug#171912: tetex-bin: (Fatal format file error; I'm stymied)
Next by thread: Bug#171946: tetex-base: a+w dirs in /usr
Index(es):
- Date
- Thread