Re: Bug#37606: /var/spool/texmf/ls-R unwritable
> On Thu, 13 May 1999 15:02:40 +0100 (BST), Julian Gilbey wrote:
> >> Glad to hear all of this.  I just have one comment:
> >> 
> >> >  - The mktexlsr, mktexdir and mktexupd scripts must not be setuid.
> >> >    If they are, anyone could run them, which is unnecessary.  Any
> >> >    extra privileges they require will be gained when they are called
> >> >    from other setuid processes.
> >> 
> >> It seems to me that *only* these three should be setuid, since only
> >> these three need elevated privileges.  mktextfm, etc. should be
> >> changed to write the output into a scratch directory, and have
> >> mktexupd move it into place.
> >> 
> >> Yes, this does mean anyone can invoke them, but if properly designed
> >> no damage can be done, and this restricts the scope of the changes and
> >> the scope of the specially privileged code much better.
> >
> >No, absolutely not.  If mktexupd is setuid, then anyone can make it do
> >anything to the ls-R file, I would guess.  
> 
> Only if mktexupd is misdesigned; it ought to be capable of validating
> updates.
How?
> >And having mktex{mf,tfm,pk}
> >writing to a scratch directory defeats the purpose of making the fonts
> >directory read only, as anyone could then create a corrupt font file
> >in the scratch directory and run mktexupd.
> 
> This is a problem, but isn't there some simple, efficient way to
> validate font files?
Yes: recreate them and compare the outputs.  You don't want to just
check that the files are valid, but also that they have the correct
content.
   Julian
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
  Julian Gilbey, Dept of Maths, QMW, Univ. of London. J.D.Gilbey@qmw.ac.uk
             Debian GNU/Linux Developer.  jdg@debian.org
       -*- Finger jdg@master.debian.org for my PGP public key. -*-
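The "recreate them and compare the outputs" check Julian describes, as an added example that is not part of the thread or of teTeX's own mktex scripts; `toy_generator` and `verify_and_install` are hypothetical names and the font contents are constructed:

```shell
#!/bin/sh
# Added example, not code from the bug thread or from teTeX: a sketch of the
# "recreate and compare" check. A privileged installer is handed a candidate
# file built in an unprivileged scratch directory, rebuilds the same output
# itself with the trusted generator, and installs only on a byte-for-byte
# match. toy_generator is a hypothetical stand-in for mktextfm/mktexpk.

# toy_generator NAME OUTPATH  (deterministic, so regeneration is comparable)
toy_generator() {
    printf 'FONT %s\n' "$1" > "$2"
}

# verify_and_install CANDIDATE DEST GENERATOR [GENERATOR-ARGS...]
# GENERATOR is invoked with its arguments plus the output path appended.
# Returns 0 and installs when CANDIDATE matches the regenerated file,
# 1 when the contents differ, 2 when regeneration itself failed.
verify_and_install() {
    candidate=$1; dest=$2; shift 2
    tmp=$(mktemp -d) || return 2
    # Regenerate in a directory the submitter has no access to.
    "$@" "$tmp/regen" || { rm -rf "$tmp"; return 2; }
    if cmp -s "$candidate" "$tmp/regen"; then
        # Install the regenerated copy, not the candidate, so a later change
        # to the scratch file cannot slip foreign bytes into the font tree.
        cp "$tmp/regen" "$dest" && rm -rf "$tmp" && return 0
    fi
    rm -rf "$tmp"
    return 1
}

# Demonstration on constructed files (runs stand-alone).
demo() {
    d=$(mktemp -d)
    printf 'FONT cmr10\n' > "$d/good.tfm"          # honest candidate
    printf 'FONT cmr10 TAMPERED\n' > "$d/bad.tfm"  # corrupt candidate
    verify_and_install "$d/good.tfm" "$d/cmr10.tfm" toy_generator cmr10 \
        && echo "good.tfm installed"
    verify_and_install "$d/bad.tfm" "$d/cmr10.tfm" toy_generator cmr10 \
        || echo "bad.tfm rejected (status $?)"
    rm -rf "$d"
}

demo
```

The cost is a full regeneration per update, which is what makes the check trustworthy: the installer never relies on the submitter's bytes, only on its own.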