Bug#203532: tetex-extra: permissions of ls-R wrong

[frank@kuesterei.ch (Frank Küster)]

Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp> schrieb:

> I have a question.  With this patch, I tested mktexlsr
> and found that this patch fixed the cron's problem #198549
> but didn't fix #198546.
>
> I suspect that the following modification is necessary.
>
> --- mktexlsr.orig       2003-08-19 12:30:22.000000000 +0900
> +++ mktexlsr    2003-08-19 14:51:28.000000000 +0900
> @@ -80,7 +80,7 @@
>    db_dir=`echo "$db_file" | sed 's%/[^/][^/]*$%%'` # can't rely on dirname
>
>    test -d "$db_dir" || continue
> -  test -w "$db_dir" || { echo "$progname: $db_dir: directory not writable. Skipping..." >&2; continue; }
> +  test -w "$db_dir" || { echo "$progname: $db_dir: directory not writable. But try anyway..." >&2; }
>
>    if test ! -f "$db_file"; then
>      cp /dev/null "$db_file"
>
> Does this have security problem?  If so, is there any
> solution or I overlooked something essential?

I don't see any security problem (but I'm not an expert in
this). However, you could instead

- test for the existense of an old ls-R file

- if there's one, skip that test (the test -w "$db_file", some lines
  below, is sufficient in that case)

- if there's none, test if we may create one as before - if we can't,
  continue is the right thing to do.

test -f "$db_file" || test -w "$db_dir" || \
      { echo "$progname: $db_dir: directory not writable. Skipping..." >&2; continue; }

would do the trick, I think.

Bye, Frank
-- 
Frank Küster, Biozentrum der Univ. Basel
Abt. Biophysikalische Chemie