
Bug#392586: tetex-bin: Insecure $ENV{PATH} while running setuid at /usr/bin/epstopdf line 211.



Package: tetex-bin
Version: 3.0-19
Severity: normal


I use epstopdf in a setuid script (backend for cups, needs access to 
some directories), and get the error above.

Solution was to add the line
$ENV{"PATH"}    = "/usr/bin:/usr/sbin:/bin:/usr/bin";
in /usr/bin/epstopdf.

Greetings

tilo

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages tetex-bin depends on:
ii  debconf [debconf-2.0]       1.5.5        Debian configuration management sy
ii  debianutils                 2.17.3       Miscellaneous utilities specific t
ii  dpkg                        1.13.22      package maintenance system for Deb
ii  ed                          0.2-20       The classic unix line editor
ii  libc6                       2.3.6.ds1-5  GNU C Library: Shared libraries
ii  libfontconfig1              2.4.1-2      generic font configuration library
ii  libfreetype6                2.2.1-5      FreeType 2 font engine, shared lib
ii  libgcc1                     1:4.1.1-15   GCC support library
ii  libice6                     1:1.0.1-2    X11 Inter-Client Exchange library
ii  libjpeg62                   6b-13        The Independent JPEG Group's JPEG 
ii  libkpathsea4                3.0-19       path search library for teTeX (run
ii  libpaper1                   1.1.20       Library for handling paper charact
ii  libpng12-0                  1.2.8rel-5.2 PNG library - runtime
ii  libpoppler0c2               0.4.5-4.1    PDF rendering library
ii  libsm6                      1:1.0.1-3    X11 Session Management library
ii  libstdc++6                  4.1.1-15     The GNU Standard C++ Library v3
ii  libt1-5                     5.1.0-2      Type 1 font rasterizer library - r
ii  libx11-6                    2:1.0.0-9    X11 client-side library
ii  libxaw7                     1:1.0.2-4    X11 Athena Widget library
ii  libxext6                    1:1.0.1-2    X11 miscellaneous extension librar
ii  libxmu6                     1:1.0.2-2    X11 miscellaneous utility library
ii  libxpm4                     1:3.5.5-2    X11 pixmap library
ii  libxt6                      1:1.0.2-2    X11 toolkit intrinsics library
ii  mime-support                3.37-1       MIME files 'mime.types' & 'mailcap
ii  perl                        5.8.8-6.1    Larry Wall's Practical Extraction 
ii  sed                         4.1.5-1      The GNU sed stream editor
ii  tetex-base                  3.0-23       Basic TeX input files of teTeX
ii  ucf                         2.0015       Update Configuration File: preserv
ii  whiptail                    0.52.2-8     Displays user-friendly dialog boxe
ii  zlib1g                      1:1.2.3-13   compression library - runtime

Versions of packages tetex-bin recommends:
ii  libxml-parser-perl           2.34-4.2    Perl module for parsing XML files
ii  perl-tk                      1:804.027-7 Perl module providing the Tk graph
ii  psutils                      1.17-23     A collection of PostScript documen

Versions of packages tetex-base depends on:
ii  tex-common                    0.31       Common infrastructure for using an
ii  ucf                           2.0015     Update Configuration File: preserv

-- no debconf information
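
The taint check behind the error in this report, and the environment reset described in perlsec, as an added example that is not part of the original report and is not code from epstopdf. The file name `taint_env.pl` and the use of `true` as a stand-in for the external program are assumptions.

```perl
#!/usr/bin/perl -T
# Added example, not code from epstopdf or tetex-bin.
# Run as: perl -T taint_env.pl
# (Perl enables taint mode by itself when real and effective uid/gid differ.)
use strict;
use warnings;

# Try to start an external program through a PATH lookup.
# In taint mode Perl dies before the exec if the environment is unsafe;
# catch that and report the reason instead of aborting.
sub try_run {
    my ($label, @cmd) = @_;
    my $ok = eval { system(@cmd); 1 };
    if (!$ok) {
        (my $why = $@) =~ s/ at .+? line \d+\.\n?\z//;
        printf "%-22s refused: %s\n", $label, $why;
        return 0;
    }
    if ($? == -1) {
        printf "%-22s could not start: %s\n", $label, $!;
        return 0;
    }
    printf "%-22s ran, exit status %d\n", $label, $? >> 8;
    return 1;
}

# 1. Inherited environment: PATH was supplied by the caller, so it is tainted
#    and Perl refuses to search it on behalf of a privileged process.
try_run('inherited PATH', 'true');

# 2. Assigning a literal replaces the tainted value with a trusted one.
#    Every directory must be absolute and not writable by other users.
$ENV{PATH} = '/usr/bin:/bin';
try_run('fixed PATH only', 'true');

# 3. perlsec also lists these variables, which the shell interprets;
#    Perl checks them as well, so remove them before running anything.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
try_run('fixed PATH + cleanup', 'true');
```

Whether step 2 already succeeds depends on which of the variables removed in step 3 the caller had set.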


