> The main reason I didn't want to have mktex{mf,tfm,pk} be setuid is
> because they run all sorts of different programs - metafont, gsftopk,
> etc. - which can (IIRC) be replaced by the user. Even if they can't,
> their inputs can, and the inputs are turing-complete macro languages.
> If mktex{mf
On Sun, 16 May 1999 21:31:14 +0100 (BST), Julian Gilbey wrote:
>> >> >And having mktex{mf,tfm,pk}
>> >> >writing to a scratch directory defeats the purpose of making the fonts
>> >> >directory read only, as anyone could then create a corrupt font file
>> >> >in the scratch directory and run mktexup
> >> >And having mktex{mf,tfm,pk}
> >> >writing to a scratch directory defeats the purpose of making the fonts
> >> >directory read only, as anyone could then create a corrupt font file
> >> >in the scratch directory and run mktexupd.
> >>
> >> This is a problem, but isn't there some simple, effic
On Fri, 14 May 1999 19:04:01 +0100 (BST), Julian Gilbey wrote:
>> On Thu, 13 May 1999 15:02:40 +0100 (BST), Julian Gilbey wrote:
>> >> Glad to hear all of this. I just have one comment:
>> >>
>> >> > - The mktexlsr, mktexdir and mktexupd scripts must not be setuid.
>> >> >If they are, anyone
> On Thu, 13 May 1999 15:02:40 +0100 (BST), Julian Gilbey wrote:
> >> Glad to hear all of this. I just have one comment:
> >>
> >> > - The mktexlsr, mktexdir and mktexupd scripts must not be setuid.
> >> >If they are, anyone could run them, which is unnecessary. Any
> >> >extra privileg
On Thu, 13 May 1999 15:02:40 +0100 (BST), Julian Gilbey wrote:
>> Glad to hear all of this. I just have one comment:
>>
>> > - The mktexlsr, mktexdir and mktexupd scripts must not be setuid.
>> >If they are, anyone could run them, which is unnecessary. Any
>> >extra privileges they requ
> Glad to hear all of this. I just have one comment:
>
> > - The mktexlsr, mktexdir and mktexupd scripts must not be setuid.
> >If they are, anyone could run them, which is unnecessary. Any
> >extra privileges they require will be gained when they are called
> >from other setuid pro
On Thu, 13 May 1999 11:25:10 +0100 (BST), Julian Gilbey wrote:
>[Cc'ing to -devel]
>
>> Package: tetex-base
>> Version: 0.9.990406-1
>>
>> Out of the box, /var/spool/texmf/ls-R is owned by root and mode 644.
>> Therefore all font generation operations get an error:
>>
>> /usr/share/texmf/web2c/mk
[Cc'ing to -devel]
> Package: tetex-base
> Version: 0.9.990406-1
>
> Out of the box, /var/spool/texmf/ls-R is owned by root and mode 644.
> Therefore all font generation operations get an error:
>
> /usr/share/texmf/web2c/mktexupd: /var/spool/texmf/ls-R unwritable.
>
> Changing it to mode 666 w
9 matches
Mail list logo
