Bug#392586: marked as done (tetex-bin: Insecure $ENV{PATH} while running setuid at /usr/bin/epstopdf line 211.)
Your message dated Wed, 06 Dec 2006 19:16:16 +0100
with message-id <8664coritr.fsf@alhambra.kuesterei.ch>
and subject line Bug#392586: tetex-bin: Insecure $ENV{PATH} while running setuid at /usr/bin/epstopdf line 211.
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: tetex-bin: Insecure $ENV{PATH} while running setuid at /usr/bin/epstopdf line 211.
- From: "Dr. Tilo Levante" <tilo@zro.zahoransky.com>
- Date: Thu, 12 Oct 2006 14:18:18 +0200
- Message-id: <20061012121818.20894.66994.reportbug@localhost.localdomain>
Package: tetex-bin
Version: 3.0-19
Severity: normal
I use epstopdf in a setuid script (backend for cups, needs access to
some directories), and get the error above.
Solution was to add the line
$ENV{"PATH"} = "/usr/bin:/usr/sbin:/bin:/usr/bin";
in /usr/bin/epstopdf.
Greetings
tilo
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages tetex-bin depends on:
ii debconf [debconf-2.0] 1.5.5 Debian configuration management sy
ii debianutils 2.17.3 Miscellaneous utilities specific t
ii dpkg 1.13.22 package maintenance system for Deb
ii ed 0.2-20 The classic unix line editor
ii libc6 2.3.6.ds1-5 GNU C Library: Shared libraries
ii libfontconfig1 2.4.1-2 generic font configuration library
ii libfreetype6 2.2.1-5 FreeType 2 font engine, shared lib
ii libgcc1 1:4.1.1-15 GCC support library
ii libice6 1:1.0.1-2 X11 Inter-Client Exchange library
ii libjpeg62 6b-13 The Independent JPEG Group's JPEG
ii libkpathsea4 3.0-19 path search library for teTeX (run
ii libpaper1 1.1.20 Library for handling paper charact
ii libpng12-0 1.2.8rel-5.2 PNG library - runtime
ii libpoppler0c2 0.4.5-4.1 PDF rendering library
ii libsm6 1:1.0.1-3 X11 Session Management library
ii libstdc++6 4.1.1-15 The GNU Standard C++ Library v3
ii libt1-5 5.1.0-2 Type 1 font rasterizer library - r
ii libx11-6 2:1.0.0-9 X11 client-side library
ii libxaw7 1:1.0.2-4 X11 Athena Widget library
ii libxext6 1:1.0.1-2 X11 miscellaneous extension librar
ii libxmu6 1:1.0.2-2 X11 miscellaneous utility library
ii libxpm4 1:3.5.5-2 X11 pixmap library
ii libxt6 1:1.0.2-2 X11 toolkit intrinsics library
ii mime-support 3.37-1 MIME files 'mime.types' & 'mailcap
ii perl 5.8.8-6.1 Larry Wall's Practical Extraction
ii sed 4.1.5-1 The GNU sed stream editor
ii tetex-base 3.0-23 Basic TeX input files of teTeX
ii ucf 2.0015 Update Configuration File: preserv
ii whiptail 0.52.2-8 Displays user-friendly dialog boxe
ii zlib1g 1:1.2.3-13 compression library - runtime
Versions of packages tetex-bin recommends:
ii libxml-parser-perl 2.34-4.2 Perl module for parsing XML files
ii perl-tk 1:804.027-7 Perl module providing the Tk graph
ii psutils 1.17-23 A collection of PostScript documen
Versions of packages tetex-base depends on:
ii tex-common 0.31 Common infrastructure for using an
ii ucf 2.0015 Update Configuration File: preserv
-- no debconf information
--- End Message ---
--- Begin Message ---
- To: 392586-done@bugs.debian.org
- Cc: "Dr. Tilo Levante" <tilo@zro.zahoransky.com>
- Subject: Re: Bug#392586: tetex-bin: Insecure $ENV{PATH} while running setuid at /usr/bin/epstopdf line 211.
- From: Frank Küster <frank@kuesterei.ch>
- Date: Wed, 06 Dec 2006 19:16:16 +0100
- Message-id: <8664coritr.fsf@alhambra.kuesterei.ch>
- In-reply-to: <20061012163135.GA25587@burnside> (Julian Gilbey's message of "Thu\, 12 Oct 2006 17\:31\:35 +0100")
- References: <20061012121818.20894.66994.reportbug@localhost.localdomain> <452E3D23.6060704@physik.uni-erlangen.de> <20061012163135.GA25587@burnside>
Julian Gilbey <jdg@polya.uklinux.net> wrote:
> I agree that this bug should be either closed or reassigned.
Since the submitter didn't indicate that it was a Debian program that
called epstopdf, there's nothing to reassing to, and I'm closing.
Regards, Frank
--
Dr. Frank Küster
Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich
Debian Developer (teTeX/TeXLive)
--- End Message ---
Reply to: