Bug#388399: FTBFS problems on alpha, mips[el]: Please help debugging
- To: Thiemo Seufer <firstname.lastname@example.org>, email@example.com
- Cc: Ralf Stubner <firstname.lastname@example.org>, Frank Küster <email@example.com>, firstname.lastname@example.org, email@example.com, Alex Owen <firstname.lastname@example.org>, Cyril Bouthors <email@example.com>
- Subject: Bug#388399: FTBFS problems on alpha, mips[el]: Please help debugging
- From: Steve Langasek <firstname.lastname@example.org>
- Date: Sat, 30 Sep 2006 17:06:54 -0700
- Message-id: <20061001000654.GE11662@mauritius.dodds.net>
- Mail-followup-to: Thiemo Seufer <email@example.com>, firstname.lastname@example.org, Ralf Stubner <email@example.com>, Frank Küster <firstname.lastname@example.org>, email@example.com, firstname.lastname@example.org, Alex Owen <email@example.com>, Cyril Bouthors <firstname.lastname@example.org>
- Reply-to: Steve Langasek <email@example.com>, firstname.lastname@example.org
- In-reply-to: <20060930225630.GD30302@networkno.de>
- References: <email@example.com> <20060929103700.GD21205@mauritius.dodds.net> <firstname.lastname@example.org> <20060930055438.GG4726@mauritius.dodds.net> <email@example.com> <20060930160554.GB30302@networkno.de> <firstname.lastname@example.org> <20060930171240.GC30302@networkno.de> <20060930181922.GC4508@thinkpad> <20060930225630.GD30302@networkno.de>
On Sat, Sep 30, 2006 at 11:56:30PM +0100, Thiemo Seufer wrote:
> > > I meant the the earlier security bug you mentioned. To me, the solution
> > > for the earlier bug as well as the current one looks like keeping the
> > > font cache in /var but maintaining it via a mktexmf user.
> > The problem is that mktexmf is a shell script (=no suid possible) that
> > is started with the rights of the user. So the former solution required
> > all users that wanted to use TeX to have write access below
> > /var/cache/fonts.
> Then I fail to understand
> a) why the old solution was a security problem when it does something
> similiar to e.g. /var/mail, and leaves the root-reserved part of
> the filesystem free,
> b) why moving the cache to $HOME or /tmp fixed the problem, given
> that all three probably reside on the same partition.
The old solution was a security problem because the directories were
world-writable -- /var/mail is not, the directory is only writable by the
'mail' group -- which almost certainly makes symlink attacks possible,
looking at the source of mktexmf, as well as cache poisoning attacks.
The new solution is only better if the cache is written in the home
directory; if it's written to /tmp/texfonts for any reason, the security is
just as bad.
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.