[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#388399: FTBFS problems on alpha, mips[el]: Please help debugging

Frank Küster wrote:
> [Summary for the buildd people: We still need your help]
> Steve Langasek <vorlon@debian.org> wrote:
> > But if the package build requires access to $HOME/.texmf-var, that's still a
> > bug that should be fixed; 
> No it doesn't require that.  Only if there is a $HOME directory, and it
> is writable, then it is used.  Otherwise /tmp/texfonts is used
> instead. 
> > Anyway, here's how I *am* able to reproduce the bug:
> No, that's not the same bug.
> >  sudo mkdir -p /tmp/texfonts/source/jknappen/ec
> >  sudo mkdir -p /tmp/texfonts/tfm/jknappen/ec
> >  make -C docs/psdoc
> >
> > So somewhere, there is a very, very wrong assumption that it's ok to use a
> > fixed, user-invariant path under /tmp for writing out fonts.
> I do not think that this is a bug, and anyway it's unrelated to the
> FTBFS problem.  Previously fonts were created below /var, but this was
> regarded as a security risk because users would be able to completely
> fill up /var.  Now the font cache is in the users' directories, and only
> as a fallback it is in /tmp/texfonts.

So, if I understand that correctly, the bug was fixed by running mktexmf
as non-root, and the change of the cache location is only a collateral.

> This was particularly designed
> for machines like buildds, where $HOME might be nonexistent or
> unwritable.  I think it was even discussed on -devel, but maybe not the
> details.  Why should it be more wrong to use a user-invariant path in
> /tmp than a user-invariant path in /var?

Because /var isn't a free-for-all scratch space like /tmp.

> Note that we cannot use
> directories created with mktemp or so, because it's not possible to pass
> on the directory name from the process that creates the dir, to the one
> that creates the font and to the one that uses it.
> If the admin chooses to create an empty /tmp/texfonts hierarchy without
> write access for users that need the font cache, that's equivalent to
> him creating an empty /var/cache/fonts/... without users having write
> access, in the old setup.  You're allowed to shoot yourself into the
> foot. 

AFAIU any user on the system could create /tmp/texfonts and break
mktexmf that way.


Reply to: