[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#57746: Security: Directories are kept a+w

On 18.07.03 Frank Küster (frank@kuesterei.ch) wrote:
> Scott A Crosby <crosby@qwes.math.cmu.edu> wrote:
> 
> > Package: tetex-base
> > Version: 1.0-7
> >
> >
> > This package installs several of its directories a+w, which is a security
> > issue:
> >
> > drwxrwxrwt    4 root     root         1024 Jan 27 13:13
> > /var/spool/texmf/pk
> 
> Obviously this bug has been forgotten to close. See the changelog:
> 
> tetex-base (1.0.2+20021025-1) unstable; urgency=low
> 
>   * Removed obsolete /var/spool/texmf and added /var/cache/fonts (debian/dirs)
>     [kohda]
> 
> The critized directories are no longer created.
> 
The problem is now, that /var/cache/fonts is a+w. The FHS says:

Files located under /var/cache may be expired in an application
specific manner, by the system administrator, or both. The
application should always be able to recover from manual deletion of
these files (generally because of a disk space shortage). No other
requirements are made on the data format of the cache directories.

so it may be OK, that the dirs are a+w. I don't know, what was the
intention behind submitting that bug. Will you ask the submitter?

H. 
-- 
sigmentation fault
Reply to: