[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: metafont security

On Tue, Jun 06, 2006 at 09:32 +0200, Frank Küster wrote:
> Ralf Stubner <ralf.stubner@web.de> wrote:
> 
> > openout_any = p
> > openin_any = a
> >
> > However, metafont does not semm to honour these settings. I still think
> > that working in a world writable directory is a bad idea. But a RFE for
> > metafont might still make sense.
> 
> Will you file a bug, maybe also a Debian bug so that we won't forget?

I meanwhile think this sort of security measures aren't applicable to
metafont. First of all, they do not protect TeX against symlink attacks,
which is what we are after here. Second, AFAIK metafont does not have
the ability to write to arbitrary files. And while it can read any file,
it interprets them as metafont input. Hence while '\input /etc/passwd'
can be a real thread in some situations for people running TeX, I see no
such problem with metafont.

IMO the result of this secrity discussion is that people should not use
TeX in a world writeable directory. The reason for this being symlink
attacks against TeX or metafont. Everything else seems to be fine. In
particular a world writable VARTEXFONTS does not introduce any security
problems.

cheerio
ralf
Reply to: