Bug#392586: tetex-bin: Insecure $ENV{PATH} while running setuid at /usr/bin/epstopdf line 211.
Package: tetex-bin
Version: 3.0-19
Severity: normal

I use epstopdf in a setuid script (backend for cups, needs access to
some directories), and get the error above.

Solution was to add the line

    $ENV{"PATH"} = "/usr/bin:/usr/sbin:/bin:/usr/bin";

in /usr/bin/epstopdf.

Greetings
tilo

-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages tetex-bin depends on:
ii debconf [debconf-2.0] 1.5.5 Debian configuration management sy
ii debianutils 2.17.3 Miscellaneous utilities specific t
ii dpkg 1.13.22 package maintenance system for Deb
ii ed 0.2-20 The classic unix line editor
ii libc6 2.3.6.ds1-5 GNU C Library: Shared libraries
ii libfontconfig1 2.4.1-2 generic font configuration library
ii libfreetype6 2.2.1-5 FreeType 2 font engine, shared lib
ii libgcc1 1:4.1.1-15 GCC support library
ii libice6 1:1.0.1-2 X11 Inter-Client Exchange library
ii libjpeg62 6b-13 The Independent JPEG Group's JPEG
ii libkpathsea4 3.0-19 path search library for teTeX (run
ii libpaper1 1.1.20 Library for handling paper charact
ii libpng12-0 1.2.8rel-5.2 PNG library - runtime
ii libpoppler0c2 0.4.5-4.1 PDF rendering library
ii libsm6 1:1.0.1-3 X11 Session Management library
ii libstdc++6 4.1.1-15 The GNU Standard C++ Library v3
ii libt1-5 5.1.0-2 Type 1 font rasterizer library - r
ii libx11-6 2:1.0.0-9 X11 client-side library
ii libxaw7 1:1.0.2-4 X11 Athena Widget library
ii libxext6 1:1.0.1-2 X11 miscellaneous extension librar
ii libxmu6 1:1.0.2-2 X11 miscellaneous utility library
ii libxpm4 1:3.5.5-2 X11 pixmap library
ii libxt6 1:1.0.2-2 X11 toolkit intrinsics library
ii mime-support 3.37-1 MIME files 'mime.types' & 'mailcap
ii perl 5.8.8-6.1 Larry Wall's Practical Extraction
ii sed 4.1.5-1 The GNU sed stream editor
ii tetex-base 3.0-23 Basic TeX input files of teTeX
ii ucf 2.0015 Update Configuration File: preserv
ii whiptail 0.52.2-8 Displays user-friendly dialog boxe
ii zlib1g 1:1.2.3-13 compression library - runtime
Versions of packages tetex-bin recommends:
ii libxml-parser-perl 2.34-4.2 Perl module for parsing XML files
ii perl-tk 1:804.027-7 Perl module providing the Tk graph
ii psutils 1.17-23 A collection of PostScript documen
Versions of packages tetex-base depends on:
ii tex-common 0.31 Common infrastructure for using an
ii ucf 2.0015 Update Configuration File: preserv
-- no debconf information
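
The error and the workaround described in the report can be reproduced without a setuid binary, as an added example that is not part of the original report or of epstopdf. Perl switches taint mode on by itself when the real and effective UIDs differ, and `-T` enables the same checks. The helper name `try_exec` and the use of `/bin/true` are assumptions for illustration; the extra `delete` line follows the perlsec manual page.

```perl
#!/usr/bin/perl -T
# Added example (not epstopdf code). Run as: perl -T taint_path.pl
# Under -T the message ends "while running with -T switch"; in a setuid
# context the same check reports "while running setuid", as in the bug title.
use strict;
use warnings;

# Run an external command; return '' on success or the taint error text.
# Taint violations are fatal exceptions, so eval can capture them.
sub try_exec {
    my @cmd = @_;
    my $ok = eval { system(@cmd); 1 };
    return $ok ? '' : $@;
}

# Assumption: /bin/true stands in for the external helper the script calls.
my @cmd = ('/bin/true');

# 1. Inherited environment. PATH was supplied by the caller, so it is
#    tainted, and Perl refuses to exec anything, even a command given by
#    absolute path, because that command may itself search PATH.
#    (If the caller's environment has no PATH at all, this step succeeds.)
my $before = try_exec(@cmd);
print "inherited PATH: ", ($before || "ok\n");

# 2. Assign PATH from a constant inside the program. A literal is untainted,
#    so the check passes. Keep the list to root-owned directories: Perl also
#    rejects PATH entries that are writable by others.
$ENV{PATH} = '/usr/bin:/bin';

# perlsec additionally recommends dropping these variables, which shells
# consult and which are just as caller-controlled as PATH.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $after = try_exec(@cmd);
print "fixed PATH:     ", ($after || "ok\n");
```

The assignment has to happen inside the Perl process that performs the exec: anything arriving through the environment is tainted again in each new Perl process, so setting PATH in the calling script does not clear the check in the called one.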