
Re: possible security flaw in screen 3.9.5-9



On Sat, Sep 09, 2000 at 01:47:55PM +1100, CaT wrote:
> 
> No. It's just not globally writeable.

ah

> > > Still, why does /var/lib/texmf/* need to be publicly writeable?
> > 
> > design flaws in tetex.  see the BTS for a long discussion about it.

i actually misspoke here, it's really /var/spool/texmf/* that is world
writable.

> 
> BTS?

Bug Tracking System

http://www.debian.org/Bugs

i don't remember which tetex package has the long conversation about the
issue though...

> > it's not trivial to fix unfortunately.
> 
> doh. what do those files do? (if you know offhand)

i don't remember exactly. tex is totally broken unless they are
writable by all though.

> > most people do since it's priority standard.
> 
> aye. I'd say it needs fixing also then. :)

agreed but it will probably need fixing upstream, the changes are
really too much for debian to do themselves.  

> I'll be grabbing this when my HD stops getting roasted.

it appears to work ok and it's supposed to be safe from races.. (though
i have not read the code...)

> > still i don't think it's good to overload /tmp with this kind of
> > garbage more than necessary or that list could get ridiculous.
> 
> Yes it could but then I think that's better than the alternative...
> and if you REALLY wanted to, you could have a .debian or whatnot
> dir in there to store all such things (or most of them/some of them)

this is becoming a question for debian-devel or perhaps debian-policy.

> > FHS may answer some of these questions too.
> 
> FHS? :)

Filesystem Hierarchy Standard http://www.pathname.com/fhs/

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
