Hello,

What directories in luatex-cache should be world writable? It seems to me, at least some sub-dirs in $TEXMFCACHE/luatex-cache/context/XXX/fonts

And do these world writable directories present any security risk? (For example: user A writes some evil code into file $TEXMFCACHE/luatex-cache/context/XXX/fonts/otf/file.otf that makes user B remove all his files when running "texexec --luatex document.tex")

Cheers, Peter

--
http://pmrb.free.fr/contact/

Peter Münster wrote:
> Hello,
> What directories in luatex-cache should be world writable? It seems to me, at least some sub-dirs in $TEXMFCACHE/luatex-cache/context/XXX/fonts

the whole cache

> And do these world writable directories present any security risk? (For example: user A writes some evil code into file $TEXMFCACHE/luatex-cache/context/XXX/fonts/otf/file.otf that makes user B remove all his files when running "texexec --luatex document.tex")

you can use a cache in your home path and make that country or city writable

Hans

-----------------------------------------------------------------
Hans Hagen | PRAGMA ADE
Ridderstraat 27 | 8061 GH Hasselt | The Netherlands
tel: 038 477 53 69 | fax: 038 477 53 74
www.pragma-ade.com | www.pragma-pod.nl
-----------------------------------------------------------------

On Wed, Jan 09, 2008 at 10:47:16PM +0100, Hans Hagen wrote:
> > And do these world writable directories present any security risk? (For example: user A writes some evil code into file $TEXMFCACHE/luatex-cache/context/XXX/fonts/otf/file.otf that makes user B remove all his files when running "texexec --luatex document.tex")
>
> you can use a cache in your home path and make that country or city writable

So you mean, there is a security risk, luatex does not check its input and arbitrary code can be executed?

The disadvantage of one cache per user is, that everybody needs to regenerate the formats after an update, since the formats are also placed there...

Cheers, Peter

(it was just a question out of curiosity, on my systems, there are no evil users of course ;)

--
http://pmrb.free.fr/contact/

Peter Münster wrote:
> (it was just a question out of curiosity, on my systems, there are no evil users of course ;)

well, in principle one can use traditional tex for evil things too since it can write files

Hans
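
A check an administrator could run against the shared cache discussed in this thread, added here as an example (it is not code from either poster or from ConTeXt/LuaTeX). The helper name audit_cache and the finding labels are made up for this example; it only reports on permissions and ownership and does not inspect file contents.

```shell
#!/bin/sh
# Added example: audit a shared luatex-cache tree for entries that another
# local account could have planted or could replace.
# audit_cache is a hypothetical helper; call it as
#   audit_cache "$TEXMFCACHE/luatex-cache"
# Returns 0 when nothing is flagged, 1 on findings, 2 on a bad argument.

audit_cache() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "no such directory: $root" >&2
        return 2
    fi
    me=$(id -u)
    findings=$(
        # World-writable directory without the sticky bit: any account can
        # delete or rename files in it, including files it does not own.
        find "$root" -type d -perm -0002 ! -perm -1000 |
            sed 's/^/WW-DIR-NOSTICKY /'
        # World-writable file: its content can be changed in place.
        find "$root" -type f -perm -0002 | sed 's/^/WW-FILE /'
        # File owned by a different account: the current user did not
        # generate it, so it is loaded on trust.
        find "$root" -type f ! -user "$me" | sed 's/^/FOREIGN-OWNER /'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}
```

A sticky, world-writable directory passes the first check but still lets any account create new files, which is why files owned by another account are reported separately.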