The main reason I didn't want to have mktex{mf,tfm,pk} be setuid is
because they run all sorts of different programs - metafont, gsftopk,
etc. - which can (IIRC) be replaced by the user. Even if they can't,
their inputs can, and the inputs are turing-complete macro languages.
If
On Fri, 14 May 1999 19:04:01 +0100 (BST), Julian Gilbey wrote:
On Thu, 13 May 1999 15:02:40 +0100 (BST), Julian Gilbey wrote:
Glad to hear all of this. I just have one comment:
- The mktexlsr, mktexdir and mktexupd scripts must not be setuid.
If they are, anyone could run them,
And having mktex{mf,tfm,pk}
writing to a scratch directory defeats the purpose of making the fonts
directory read only, as anyone could then create a corrupt font file
in the scratch directory and run mktexupd.
This is a problem, but isn't there some simple, efficient way to
On Sun, 16 May 1999 21:31:14 +0100 (BST), Julian Gilbey wrote:
And having mktex{mf,tfm,pk}
writing to a scratch directory defeats the purpose of making the fonts
directory read only, as anyone could then create a corrupt font file
in the scratch directory and run mktexupd.
This is a
On Thu, 13 May 1999 15:02:40 +0100 (BST), Julian Gilbey wrote:
Glad to hear all of this. I just have one comment:
- The mktexlsr, mktexdir and mktexupd scripts must not be setuid.
If they are, anyone could run them, which is unnecessary. Any
extra privileges they require
On Thu, 13 May 1999 15:02:40 +0100 (BST), Julian Gilbey wrote:
Glad to hear all of this. I just have one comment:
- The mktexlsr, mktexdir and mktexupd scripts must not be setuid.
If they are, anyone could run them, which is unnecessary. Any
extra privileges they require will be
[Cc'ing to -devel]
Package: tetex-base
Version: 0.9.990406-1
Out of the box, /var/spool/texmf/ls-R is owned by root and mode 644.
Therefore all font generation operations get an error:
/usr/share/texmf/web2c/mktexupd: /var/spool/texmf/ls-R unwritable.
Changing it to mode 666 works
On Thu, 13 May 1999 11:25:10 +0100 (BST), Julian Gilbey wrote:
[Cc'ing to -devel]
Package: tetex-base
Version: 0.9.990406-1
Out of the box, /var/spool/texmf/ls-R is owned by root and mode 644.
Therefore all font generation operations get an error:
/usr/share/texmf/web2c/mktexupd:
Glad to hear all of this. I just have one comment:
- The mktexlsr, mktexdir and mktexupd scripts must not be setuid.
If they are, anyone could run them, which is unnecessary. Any
extra privileges they require will be gained when they are called
from other setuid processes.
9 matches
Mail list logo