Bug#: 204433
Status: RESOLVED
Resolution: FIXED
Assigned To: TeX herd <tex@gentoo.org>
Reporter: alpiturchi <cazzantonio@gmail.com>
Description:   Opened: 2008-01-05 15:14 0000
/var/cache/fonts is world writable since tex needs this to create font cache.
Having such a directory world writable can be a security risk.
This can be solved simply by creating a group "texusers", and giving write access
to /var/cache/fonts only to that group.
The only downside would be that users who need to use tex (and are willing to use
the font cache feature) would be required to belong to such a group.

Reproducible: Always

------- Comment #1 From Jakub Moc (RETIRED) 2008-01-05 15:29:11 0000 -------
I don't see anything in tetex stuff that'd create that dir world writable...

------- Comment #2 From Alexis Ballier 2008-01-05 15:33:10 0000 -------
this is done in texmf-update, this is a known one, there are docs in kpathsea
about it that say the "security" risk is very low.
There are other issues as well.

see:
http://groups.google.com/group/linux.gentoo.dev/browse_thread/thread/bf2e58fe200c0676/b72be3596cd2eb31

------- Comment #3 From Alexis Ballier 2008-09-07 22:12:15 0000 -------
(In reply to comment #2)
> this is done in texmf-update, this is a known one

forcing /var/cache/fonts to be world writable will be dropped from texlive 2008


> There are other issues as well.

which should all be fixed by now

------- Comment #4 From Alexis Ballier 2008-09-22 19:05:43 0000 -------
(In reply to comment #3)
> (In reply to comment #2)
> > this is done in texmf-update, this is a known one
> 
> forcing /var/cache/fonts to be world writable will be dropped from texlive 2008

now tl2008 is in the tree, still masked though, let's close this one anyway so
that I can keep track easily of unfixed bugs.
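
The layout proposed in the description (write access for one group instead of everyone), as an added example that is not part of the original bug report and is not code from texmf-update or texlive. The function names are hypothetical, and the setgid bit with mode 2775 is this example's assumption; the report only asks for group-only write access.

```shell
#!/bin/sh
# Added example (not from the bug report or texmf-update).
# Assumptions: function names are hypothetical; setgid + mode 2775 is this
# example's choice, the report only asks for group-only write access.

# True if DIR itself has all permission bits in octal MODE set.
has_bits() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# Print a one-word classification of DIR's write exposure.
classify_dir() {
    [ -d "$1" ] || { echo "not-a-directory"; return 1; }
    if has_bits "$1" 0002; then
        if has_bits "$1" 1000; then
            echo "world-writable-sticky"      # like /tmp: others cannot delete your files
        else
            echo "world-writable-no-sticky"   # any user can replace or remove entries
        fi
    elif has_bits "$1" 0020; then
        echo "group-writable"
    else
        echo "restricted"
    fi
}

# List every directory under DIR (inclusive) that is still world writable.
list_world_writable() {
    find "$1" -type d -perm -0002 2>/dev/null
}

# Apply the proposed layout: GROUP owns the tree, only owner and group write.
restrict_to_group() {
    dir=$1 group=$2
    chgrp -R "$group" "$dir" || return 1
    # Directories: rwxrwsr-x so new subdirectories inherit GROUP.
    find "$dir" -type d -exec chmod 2775 {} + || return 1
    # Files: drop write for others, keep everything else.
    find "$dir" -type f -exec chmod o-w {} + || return 1
}

# Usage on a real system (as root, group created beforehand):
#   classify_dir /var/cache/fonts
#   restrict_to_group /var/cache/fonts texusers
```

Files created later by members of the group still depend on each user's umask, which this sketch does not change.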