Bug#203532: tetex-extra: permissions of ls-R wrong
Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp> schrieb:
> I have a question. With this patch, I tested mktexlsr
> and found that this patch fixed the cron's problem #198549
> but didn't fix #198546.
>
> I suspect that the following modification is necessary.
>
> --- mktexlsr.orig 2003-08-19 12:30:22.000000000 +0900
> +++ mktexlsr 2003-08-19 14:51:28.000000000 +0900
> @@ -80,7 +80,7 @@
> db_dir=`echo "$db_file" | sed 's%/[^/][^/]*$%%'` # can't rely on dirname
>
> test -d "$db_dir" || continue
> - test -w "$db_dir" || { echo "$progname: $db_dir: directory not writable. Skipping..." >&2; continue; }
> + test -w "$db_dir" || { echo "$progname: $db_dir: directory not writable. But try anyway..." >&2; }
>
> if test ! -f "$db_file"; then
> cp /dev/null "$db_file"
>
> Does this have security problem? If so, is there any
> solution or I overlooked something essential?
I don't see any security problem (but I'm not an expert in
this). However, you could instead
- test for the existense of an old ls-R file
- if there's one, skip that test (the test -w "$db_file", some lines
below, is sufficient in that case)
- if there's none, test if we may create one as before - if we can't,
continue is the right thing to do.
test -f "$db_file" || test -w "$db_dir" || \
{ echo "$progname: $db_dir: directory not writable. Skipping..." >&2; continue; }
would do the trick, I think.
Bye, Frank
--
Frank Küster, Biozentrum der Univ. Basel
Abt. Biophysikalische Chemie
Reply to: