On Mon, Oct 02, 2006 at 08:07 +0200, Frank Küster wrote: > > Okay, you are right, indeed this check is already done. So we could > gain some additional security by making sure that the SYSTEXMF variable > is not set in the user environment, but only read from the system-wide > texmf.cnf.
That's non-trivial, though, since the user can alter SYSTEXMF not only via an environment variable but also via a personal texmf.cnf file. And *all* texmf.cnf files that are found will be read. Getting the personal file found could be achieved by setting TEXMFCNF or placing a copy of kpsewhich in HOME/bin, so that HOME/texmf/web2c/texmf.cnf would get found via the SELFAUTOPARENT feature. So besides SYSTEXMF one would also have to control TEXMFCNF and PATH. One could also try to extract SYSTEXMF from the systemwide texmf.cnf file and set an appropriate environment variable, since that would take precedence. But one would have to define that in terms of actual directories, not variables like TEXMFMAIN etc, since a malicious user could redefine those, too. Given all these possibilities, I am quite happy that the possbile threats are not that serious ... cheerio ralf