
Bug#366805: tex-common: Group question for tex files: too difficult IMO



On Thu, May 11, 2006 at 04:45:52PM +0200, Frank Küster wrote:
> > Isn't it possible to create a tex user and have that user (via setuid
> > binaries) manage the shared data in a safe way?
> 
> Never thought about that.  Yes, it seems possible, but it's *not*
> trivial.  The executables that are called to generate the fonts are
> simple shell scripts, and setuid shell scripts aren't possible on Linux
> (and you don't want them, anyway).  The shell scripts call mf, a real
> binary, but this is also meant to be used directly and can't be setuid.

That was my target when writing the libkpathsea-perl package:
reimplement the mktex* scripts in Perl and then have them be
setuid/setgid (or more likely now, as suidperl is deprecated, have a
compiled setuid/gid wrapper call the Perl scripts).

A simple way to do it without the Perl stuff is just to move the shell
scripts to /usr/share/tex or wherever and replace them with setuid/gid
compiled wrappers.

The difficulty is more subtle, though: since the contents of texmf.cnf
and environment variables can significantly affect the behaviour of
the scripts, it must be determined which of the following is the case:

(1) The generated files will be identical both in generation (using
    only system files) and in intended destination path (filename +
    path) whether or not the user's configuration is read --> can run
    as setuid/gid with all user configuration cleaned up

(2) The generated files will be installed in a personal location if
    run with the user's configuration --> run as user

(3) The generated files will be distinct or have distinct system-wide
    locations depending upon whether or not the user's configuration
    is used --> either give up with an error message, or ignore the
    user's configuration and run setuid/gid with an appropriate
    warning message

But distinguishing between (1) and (3), in general, means running the
whole mktex* script and looking at all files used throughout the
process.  And a user might be unhappy about having their local changes
ignored ....

   Julian
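
A sketch of the compiled wrapper described in the message above, added here as an illustration; it is not code from the thread or from tex-common. It implements only the "ignore the user's configuration and warn" option and makes no attempt to tell case (1) from case (3). The script path /usr/share/tex/mktexpk and the list of variables that are kept are assumptions.

```c
/* Added example: setgid wrapper for a relocated mktex* script. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumed location of the relocated shell script (hypothetical path). */
#define REAL_SCRIPT "/usr/share/tex/mktexpk"

/* Only these variables are copied from the caller (assumed list). HOME,
 * TEXMF*, TEXINPUTS, MFINPUTS, IFS, ENV, BASH_ENV, LD_* etc. are dropped. */
static const char *const KEEP[] = { "TERM", "LANG", "LC_ALL" };
#define NKEEP (sizeof KEEP / sizeof KEEP[0])

/* Fill out[] with a fixed PATH plus the allowlisted entries of in[].
 * Returns the number of entries written (out[] is NULL-terminated),
 * or -1 if out[] is too small to hold them. */
int build_clean_env(char *const in[], char *out[], size_t cap)
{
    size_t n = 0;
    if (cap < 2) return -1;
    out[n++] = "PATH=/usr/bin:/bin";
    for (size_t i = 0; in && in[i]; i++) {
        for (size_t k = 0; k < NKEEP; k++) {
            size_t len = strlen(KEEP[k]);
            if (strncmp(in[i], KEEP[k], len) == 0 && in[i][len] == '=') {
                if (n + 1 >= cap) return -1;
                out[n++] = in[i];
            }
        }
    }
    out[n] = NULL;
    return (int)n;
}

int main(int argc, char *argv[], char *envp[])
{
    char *clean[8];
    (void)argc;
    if (build_clean_env(envp, clean, 8) < 0) {
        fprintf(stderr, "mktex wrapper: too many environment entries\n");
        return 1;
    }
    fprintf(stderr, "mktex wrapper: user TeX configuration is ignored\n");
    argv[0] = REAL_SCRIPT;
    execve(REAL_SCRIPT, argv, clean);   /* only returns on failure */
    perror("execve");
    return 1;
}
```

Because HOME and TEXMFCNF are not passed on, the script sees only the system texmf.cnf. bash resets the effective IDs to the real ones when they differ unless it is started with -p, so the relocated script's interpreter line has to account for that.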


