Re: Bug#388399: FTBFS problems on alpha, mips[el]: Please help debugging
- To: Ralf Stubner <ralf.stubner@web.de>
- Cc: Thiemo Seufer <ths@networkno.de>, 388399@bugs.debian.org, Frank Küster <frank@kuesterei.ch>, debian-alpha@lists.debian.org, debian-mips@lists.debian.org, Alex Owen <r.alex.owen@gmail.com>, Cyril Bouthors <cyb@debian.org>
- Subject: Re: Bug#388399: FTBFS problems on alpha, mips[el]: Please help debugging
- From: Steve Langasek <vorlon@debian.org>
- Date: Sat, 30 Sep 2006 17:10:05 -0700
- Message-id: <20061001001005.GF11662@mauritius.dodds.net>
- Mail-followup-to: Ralf Stubner <ralf.stubner@web.de>, Thiemo Seufer <ths@networkno.de>, 388399@bugs.debian.org, Frank Küster <frank@kuesterei.ch>, debian-alpha@lists.debian.org, debian-mips@lists.debian.org, Alex Owen <r.alex.owen@gmail.com>, Cyril Bouthors <cyb@debian.org>
- In-reply-to: <20060930181922.GC4508@thinkpad>
- References: <86bqp3f0w5.fsf_-_@alhambra.kuesterei.ch> <86r6xvgiib.fsf@alhambra.kuesterei.ch> <20060929103700.GD21205@mauritius.dodds.net> <86wt7mgb2l.fsf@alhambra.kuesterei.ch> <20060930055438.GG4726@mauritius.dodds.net> <86irj5r999.fsf@alhambra.kuesterei.ch> <20060930160554.GB30302@networkno.de> <861wptp9m0.fsf@alhambra.kuesterei.ch> <20060930171240.GC30302@networkno.de> <20060930181922.GC4508@thinkpad>
On Sat, Sep 30, 2006 at 08:19:22PM +0200, Ralf Stubner wrote:
> On Sat, Sep 30, 2006 at 18:12 +0100, Thiemo Seufer wrote:
> > Frank Küster wrote:
> > > Thiemo Seufer <ths@networkno.de> wrote:
> > > > So, if I understand that correctly, the bug was fixed by running mktexmf
> > > > as non-root, and the change of the cache location is only a collateral.
> > > No, or I do not understand what you mean.
> > I meant the earlier security bug you mentioned. To me, the solution
> > for the earlier bug as well as the current one looks like keeping the
> > font cache in /var but maintaining it via a mktexmf user.
> The problem is that mktexmf is a shell script (=no suid possible)
Where does the input for the cache come from? If the input is always from a
privileged location (i.e., /usr/share, /usr/lib, /etc), then it's possible
-- and, I think, vastly preferable -- to have an suid wrapper for mktexmf to
manage /var/cache.
If the font input comes from user-specified, non-privileged locations, then
this can't ever be safely written to a shared location.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon@debian.org http://www.debian.org/
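
The condition stated in the message above, as an added example that is not part of the original e-mail and not code from Debian or teTeX: the input check a hypothetical setuid wrapper could apply, accepting a font source only if it resolves into /usr/share, /usr/lib or /etc and is a root-owned regular file not writable by group or others. The function names and the ownership policy are assumptions.

```c
/* Added example, not code from teTeX/Debian: input check for a hypothetical
 * setuid cache wrapper. Names and policy details are assumptions. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <fcntl.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Privileged locations named in the message. */
static const char *const trusted_dirs[] = { "/usr/share", "/usr/lib", "/etc" };

/* 1 if an already-canonical path lies strictly below a trusted directory.
 * The '/' boundary check keeps "/usr/sharevil/x.mf" from matching. */
int under_trusted_dir(const char *canonical)
{
    for (size_t i = 0; i < sizeof trusted_dirs / sizeof trusted_dirs[0]; i++) {
        size_t n = strlen(trusted_dirs[i]);
        if (strncmp(canonical, trusted_dirs[i], n) == 0 && canonical[n] == '/'
            && canonical[n + 1] != '\0')
            return 1;
    }
    return 0;
}

/* Open a font source for the wrapper. Returns a read-only fd, or -1 if the
 * input is not a root-owned regular file in a privileged location. */
int open_privileged_input(const char *path)
{
    char canonical[PATH_MAX];
    struct stat st;

    /* Resolve symlinks and ".." first so the prefix test sees the real path. */
    if (realpath(path, canonical) == NULL || !under_trusted_dir(canonical))
        return -1;

    /* O_NOFOLLOW plus fstat on the descriptor: the checks below describe the
     * file actually opened, not whatever the name points to later. */
    int fd = open(canonical, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != 0
        || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}
```

A wrapper built this way reads the font source only through the returned descriptor; anything rejected here falls into the second case in the message and stays out of the shared cache.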