
Bug#203532: marked as forwarded (tetex-extra: permissions of ls-R wrong)



Your message dated Mon, 11 Aug 2003 14:27:58 +0200
with message-id <873cg8nzu9.fsf@alhambra.bioz.unibas.ch>
has caused the Debian Bug report #203532,
regarding tetex-extra: permissions of ls-R wrong
to be marked as having been forwarded to the upstream software
author(s) Thomas Esser <te@dbs.uni-hannover.de>.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

---------------------------------------
Received: (at 203532-forwarded) by bugs.debian.org; 11 Aug 2003 12:38:25 +0000
>From frank@kuesterei.ch Mon Aug 11 07:38:06 2003
Return-path: <frank@kuesterei.ch>
Received: from moutng.kundenserver.de [212.227.126.188] 
	by master.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 19mBw3-0007s2-00; Mon, 11 Aug 2003 07:38:04 -0500
Received: from [212.227.126.155] (helo=mrelayng.kundenserver.de)
	by moutng.kundenserver.de with esmtp (Exim 3.35 #1)
	id 19mBw3-0008Gl-00; Mon, 11 Aug 2003 14:38:03 +0200
Received: from [131.152.17.45] (helo=alhambra.bioz.unibas.ch)
	by mrelayng.kundenserver.de with asmtp (Exim 3.35 #1)
	id 19mBw3-0002W5-00; Mon, 11 Aug 2003 14:38:03 +0200
Received: from localhost ([127.0.0.1] helo=alhambra.bioz.unibas.ch)
	by alhambra.bioz.unibas.ch with esmtp (Exim 3.35 #1 (Debian))
	id 19mBmI-00085H-00; Mon, 11 Aug 2003 14:27:58 +0200
To: Thomas Esser <te@dbs.uni-hannover.de>
Cc: 203532-forwarded@bugs.debian.org
Subject: permissions of ls-R files: mktexlsr doesn't do what it promises
X-Attribution: fant
X-Ehrenamt: http://www.langau.de
From: frank@kuesterei.ch (=?iso-8859-15?q?Frank_K=FCster?=)
Date: Mon, 11 Aug 2003 14:27:58 +0200
Message-ID: <873cg8nzu9.fsf@alhambra.bioz.unibas.ch>
User-Agent: Gnus/5.1002 (Gnus v5.10.2) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-15
Content-Transfer-Encoding: quoted-printable
Delivered-To: 203532-forwarded@bugs.debian.org
X-Spam-Status: No, hits=-9.3 required=4.0
	tests=BAYES_01,PATCH_UNIFIED_DIFF,USER_AGENT_GNUS_UA
	version=2.53-bugs.debian.org_2003_07_20
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_07_20 (1.174.2.15-2003-03-30-exp)

Dear Thomas,

in the Debian bugtracking system for tetex there are a couple of bugs

(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=203532
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=198549
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=198546
)

related to the way the script texk/kpathsea/mktexlsr updates the ls-R
databases when somebody other than root is trying to do this. We would be
glad if you would have a look at the following patch and consider
incorporating it in the next tetex release.

There are at least two problems:

- the script assumes that the user is allowed to write in the
  directories where the ls-R files are to be created.
- when writing the file, it uses chmod to change the permissions, but
  doesn't look for the group with which it created the file. Therefore,
  if it is run by root one time and the file is root:root, it can't be
  updated by members of group "tetex" or the like even if the
  permissions are 664.

Furthermore, creating the temporary file in the directory where the real
file will be might be a security risk, it seems. In any case it doesn't
look nice.

Julian Gilbey has made a patch (for the whole mail, see the first link
above) with the rationale:

,----
| The simplest way is probably to modify mktexlsr to do the following:
|
|   - (safely) create the temporary file in $TMPDIR instead of in the
|     same directory as the existing ls-R
|   - when all is successful, cat $db_file_tmp > $db_file, so that the
|     permissions are preserved.
|
| Here is a patch which does this; what do people think?
|
`----

The patch is as follows - note that it uses Debian's special tempfile
program, this would have to be changed in upstream tetex.

***************patch********************

--- /usr/bin/mktexlsr	2003-03-03 01:22:09.000000000 +0000
+++ /tmp/mktexlsr	2003-07-31 17:08:25.000000000 +0100
@@ -95,11 +95,8 @@
   # Skip if we cannot write the file:
   access -w "$db_file" || { echo "$progname: $db_file: no write permission=
. Skipping..." >&2; continue; }
=20
-  db_dir_tmp=3D"$db_dir/lsR$$.tmp"
-  (umask 077 && mkdir "$db_dir_tmp" ) \
-    || { echo "$progname: could not create directory '$db_dir_tmp'. Skippi=
ng..." >&2; continue; }
-  db_file_tmp=3D"$db_dir_tmp/lsR$$.tmp"
-  rm -f "$db_file_tmp"
+  db_file_tmp=3D`tempfile -p ls-R` \
+    || { echo "$progname: could not create temporary file for '$db_file'. =
Skipping..." >&2; continue; }
=20
   tty -s && echo "$progname: Updating $db_file... "
   echo "$ls_R_magic" >"$db_file_tmp"
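
Review bot: `tempfile -p ls-R` on the added `db_file_tmp=` line ties the script to Debian's debianutils, as the cover mail itself points out, so the upstream version needs a portable way to create the file (for example `mktemp` where it exists, keeping the removed `umask 077 && mkdir` scheme as the fallback). No directory is passed, so the location depends on the tool's default; since the stated goal is to create the file in $TMPDIR, it would be clearer to pass the directory explicitly and to name it in the "could not create temporary file" message, because the file no longer sits next to `$db_file`.
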
@@ -113,12 +110,8 @@
   (cd "$TEXMFLS_R" && \ls -LRa 2>/dev/null) |
     sed 's%^[^.].*:$%./&%; /^\.$/d; /^\.\.$/d; /^lsR[0-9]*\.tmp$/d' >>"$db=
_file_tmp"
=20
-  # To be really safe, a loop.
-  until PERMS=3D`kpsestat =3D "$db_file"`; do sleep 1; done
-  chmod $PERMS "$db_file_tmp"
-  rm -f "$db_file"
-  mv "$db_file_tmp" "$db_file"
-  rm -rf "$db_dir_tmp"
+  cat "$db_file_tmp" > "$db_file"
+  rm -f "$db_file_tmp"
 done
 tty -s && echo "$progname: Done."
 exit 0
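
Review bot: the added `cat "$db_file_tmp" > "$db_file"` overwrites the database in place and its exit status is never checked, while the following `rm -f "$db_file_tmp"` runs regardless. If the write fails part-way (full disk, quota) the ls-R file is left truncated and the only complete copy is deleted, and anything reading the database while `cat` runs sees a partial file, which the removed `rm`/`mv` sequence never exposed. Suggest testing the result of `cat`, reporting a failure in the existing `$progname: ...` style, and only then removing the temp file. The `/^lsR[0-9]*\.tmp$/d` clause in the unchanged sed line also no longer matches anything this script creates and can go.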

***************patch********************

Thank you for maintaining tetex,

Frank

P.S. as usual, please be so kind and preserve
203532-forwarded@bugs.debian.org in the Cc:, thanks.

-- 
Frank Küster, Biozentrum der Univ. Basel
Abt. Biophysikalische Chemie
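
The ownership problem described in the mail and the trade-off in the patch, as an added example that is not part of the original message or of mktexlsr: replacing ls-R with rm + mv produces a new inode (owned by whoever ran the script), while `cat >` rewrites the existing inode and leaves owner, group and mode alone. `mktemp` stands in for Debian's `tempfile`, the ls-R file is constructed, and inode identity is used as a proxy for ownership so the script runs without root.

```shell
#!/bin/sh
# Added illustration, not part of mktexlsr. mktemp stands in for Debian's
# tempfile; the ls-R file below is a constructed stand-in.

inode_of() { ls -i "$1" | awk '{print $1}'; }
mode_of()  { ls -l "$1" | cut -c1-10; }   # cut drops any ACL/SELinux suffix

# Old scheme: temp file beside the database, copy mode bits, then rm + mv.
# The result is a new inode owned by whoever ran the script.
update_by_mv() {
  db=$1
  tmp=$(mktemp "$(dirname "$db")/lsR.XXXXXX") || return 1
  echo "% new listing (mv)" >"$tmp"
  chmod 664 "$tmp"   # stands in for: chmod `kpsestat = "$db_file"`
  rm -f "$db" && mv "$tmp" "$db"
}

# Patched scheme: temp file in $TMPDIR, then overwrite in place.
# Same inode, so owner, group and mode are untouched; the write is not atomic.
update_by_cat() {
  db=$1
  tmp=$(mktemp "${TMPDIR:-/tmp}/ls-R.XXXXXX") || return 1
  echo "% new listing (cat)" >"$tmp"
  if cat "$tmp" >"$db"; then rc=0; else rc=1; fi   # keep the status for the caller
  rm -f "$tmp"
  return $rc
}

# Prints "<same|new>-inode <mode>" for the given update function.
compare() {
  work=$(mktemp -d) || return 1
  db="$work/ls-R"
  echo "% old listing" >"$db"; chmod 664 "$db"
  before=$(inode_of "$db")
  "$1" "$db" || { rm -rf "$work"; return 1; }
  if [ "$(inode_of "$db")" = "$before" ]; then kind=same; else kind=new; fi
  echo "$kind-inode $(mode_of "$db")"
  rm -rf "$work"
}

compare update_by_mv
compare update_by_cat
```

Both runs end with mode 664, but only the in-place write keeps the original inode, which is why a root:root file recreated by mv locks out the "tetex" group even though its permission bits look right.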


