
Re: Bug#23576: tetex-base: no write-permissions on public font directories



christoph martin writes:
> krisrose@sauternes.ens-lyon.fr writes:

>> Package: tetex-base
>> Version: 0.9-7
>> 
>> When the user first hits an ungenerated font then "permission denied"
>> messages are plentiful... :)

> The fonts get generated correctly, but it is a security problem to let
> everybody write the ls-R file.

But how much of a security risk is it?  It would mean a normal user
could clobber the file if he wanted to, which is a kind of denial of
service attack.  But are there any other risks?

And how do those risks compare with the ability to base a denial of
service attack on /var/cache/fonts (or whatever you call it) being
world-writable?  (mode 1777)

In particular, would it be worth the trouble to use setgid (_not_
setuid) executables to allow for updating ls-R files and fonts without
having them world-writable?  Or would that be gross overkill?  (Note
that just making the executables setgid is not desirable, some scheme
of acquiring and dropping permissions at the correct times has to be
implemented for this to work.)

[...]

> TeX can find the generated fonts even without them noted in the ls-R
> file. But to speed it up they can be in the ls-R file. For this reason
> there is a cronjob every day which updates the ls-R files.

Note that it is possible to create a texmf.cnf which ensures that
generated fonts not mentioned in the ls-R file _won't_ be found.  Just
use !! in the definition of VARTEXFONTS.

[...]

> The links exists:

> # ls -l /usr/lib/texmf/web2c/texmf.cnf 
> lrwxrwxrwx   1 root     root           20 Jun 15 14:20 /usr/lib/texmf/web2c/texmf.cnf -> /etc/texmf/texmf.cnf

Incidentally, /etc/web2c/texmf.cnf might have been more appropriate.

-- 
Olaf Weber
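
An added example, not part of the original message or of teTeX: one way to bracket the group privilege of a setgid helper as described above, so the privileged gid is effective only while the ls-R file is opened. The names `priv_init` and `lsr_append` are hypothetical. It assumes the helper is installed setgid to a dedicated group that has write access to an existing ls-R file, that a real helper passes a compiled-in path rather than a user-supplied one, and that appending a bare file name is a simplification of the real ls-R layout.

```c
/* Added example: hold the setgid group privilege only around open(). */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

static gid_t priv_gid; /* effective gid granted by the setgid bit */
static gid_t real_gid; /* gid of the invoking user */

/* Call first in main(): remember the privileged gid, then drop it.
 * The saved set-group-ID keeps priv_gid reachable for priv_raise(). */
int priv_init(void) {
    priv_gid = getegid();
    real_gid = getgid();
    return setegid(real_gid);
}
static int priv_raise(void) { return setegid(priv_gid); }
static int priv_lower(void) { return setegid(real_gid); }

/* Append one file name to an existing ls-R style file (hypothetical helper).
 * Returns 0 on success, -1 on error. */
int lsr_append(const char *path, const char *entry) {
    if (!*entry || strchr(entry, '\n') || strchr(entry, '/'))
        return -1; /* accept a single plain file name only */
    if (priv_raise() != 0)
        return -1;
    /* No O_CREAT: the package creates the file. O_NOFOLLOW: no symlinks. */
    int fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW | O_CLOEXEC);
    int saved = errno;
    if (priv_lower() != 0)
        abort(); /* never continue with the privilege still held */
    if (fd < 0) {
        errno = saved;
        return -1;
    }
    struct stat st;
    size_t n = strlen(entry);
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode)
          && write(fd, entry, n) == (ssize_t)n && write(fd, "\n", 1) == 1;
    return (close(fd) == 0 && ok) ? 0 : -1;
}
```

Everything outside the `priv_raise()`/`priv_lower()` pair, including font generation itself, runs with the invoking user's own group.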

