Re: Bug#388399: FTBFS problems on alpha, mips[el]: Please help debugging

On Sat, Sep 30, 2006 at 08:19:22PM +0200, Ralf Stubner wrote:
> On Sat, Sep 30, 2006 at 18:12 +0100, Thiemo Seufer wrote:
> > Frank Küster wrote:
> > > Thiemo Seufer <ths@networkno.de> wrote:

> > > > So, if I understand that correctly, the bug was fixed by running mktexmf
> > > > as non-root, and the change of the cache location is only a collateral.

> > > No, or I do not understand what you mean.

> > I meant the earlier security bug you mentioned. To me, the solution
> > for the earlier bug as well as the current one looks like keeping the
> > font cache in /var but maintaining it via a mktexmf user.

> The problem is that mktexmf is a shell script (=no suid possible)

Where does the input for the cache come from?  If the input is always from a
privileged location (i.e., /usr/share, /usr/lib, /etc), then it's possible
-- and, I think, vastly preferable -- to have an suid wrapper for mktexmf to
manage /var/cache.

If the font input comes from user-specified, non-privileged locations, then
this can't ever be safely written to a shared location.
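
The distinction drawn above, between input from a privileged location and input from a user-specified one, can be checked before anything is written to the shared cache. The following is an added example, not part of the original message and not code from teTeX or Debian; the function names and the wrapper entry point are hypothetical, and the directory list is taken from the message.

```c
#define _XOPEN_SOURCE 700
#include <stdlib.h>
#include <string.h>

/* Privileged input locations named in the message above. */
static const char *const trusted_dirs[] = { "/usr/share", "/usr/lib", "/etc" };

/* Return 1 if an already-canonical absolute path is one of the trusted
 * directories or lies beneath one. The match must end on a path-component
 * boundary so that "/usr/sharefoo" is not accepted as "/usr/share". */
int under_trusted_prefix(const char *canon)
{
    size_t i;
    for (i = 0; i < sizeof trusted_dirs / sizeof trusted_dirs[0]; i++) {
        size_t n = strlen(trusted_dirs[i]);
        if (strncmp(canon, trusted_dirs[i], n) == 0 &&
            (canon[n] == '/' || canon[n] == '\0'))
            return 1;
    }
    return 0;
}

/* Return 1 only if `path` exists and, once symlinks and ".." components are
 * resolved, is under a trusted directory. Fails closed on any error. */
int is_trusted_input(const char *path)
{
    char *resolved;
    int ok;

    if (path == NULL || (resolved = realpath(path, NULL)) == NULL)
        return 0;
    ok = under_trusted_prefix(resolved);
    free(resolved);
    return ok;
}

/* Hypothetical wrapper entry point: refuse any font source that does not
 * come from a privileged location before touching the shared cache. */
int main(int argc, char **argv)
{
    if (argc != 2 || !is_trusted_input(argv[1]))
        return 1;
    /* A real wrapper would also reset the environment and open the file
     * once, working from that descriptor, before running the generator. */
    return 0;
}
```
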

