Kpathsea: A library for path searching


2.3 Security

None of the programs in the TeX system require any special system privileges, so there's no first-level security concern of people gaining illegitimate root access.

A TeX document, however, can write to arbitrary files, e.g., `~/.rhosts', and thus an unwitting user who runs TeX on a random document is vulnerable to a trojan horse attack. This loophole is closed by default, but you can be permissive if you so desire in `texmf.cnf'. See section `tex invocation' in Web2c. MetaPost has the same issue.

Dvips, Xdvi, and TeX can also execute shell commands under some circumstances. To disable this, see the `-R' option in section `Option details' in Dvips, the xdvi man page, and section `tex invocation' in Web2c, respectively.

Another security issue arises because it's very useful--almost necessary--to make arbitrary fonts on user demand with mktexpk and friends. Where do these files get installed? By default, the mktexpk distributed with Kpathsea assumes a world-writable `/var/tmp' directory; this is a simple and convenient approach, but it may not suit your situation because it means that a local cache of fonts is created on every machine.

To avoid this duplication, many people consider a shared, globally writable font tree desirable, in spite of the potential security problems. To do this you should change the value of VARTEXFONTS in `texmf.cnf' to refer to some globally known directory. See section 2.2.9.1 `mktex' configuration.

The first restriction you can apply is to make newly-created directories under `texmf' be append-only with an option in `mktex.cnf'. See section 2.2.9.1 `mktex' configuration.

Another approach is to establish a group (or user) for TeX files, make the `texmf' tree writable only to that group (or user), and make mktexpk et al. setgid to that group (or setuid to that user). Then users must invoke the scripts to install things. (If you're worried about the inevitable security holes in scripts, then you could write a C wrapper to exec the script.)

The `mktex...' scripts install files with the same read and write permissions as the directory they are installed in. The executable, sgid, suid, and sticky bits are always cleared.

Any directories created by the `mktex...' scripts have the same permissions as their parent directory, unless the appendonlydir feature is used, in which case the sticky bit is always set.
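The permission rules in the last two paragraphs, together with the append-only restriction for a globally writable tree, can be checked on an existing font tree. The script below is an added example, not part of Kpathsea or the `mktex...' scripts; its function names are hypothetical, and it assumes file names without newlines and takes the tree (the directory VARTEXFONTS refers to) as its argument.

```shell
#!/bin/sh
# Added example: audit a font tree (the directory VARTEXFONTS points to)
# against the permission rules stated in this section.

# Files carrying any bit the mktex scripts always clear:
# setuid, setgid, sticky, or execute for user, group or others.
files_with_forbidden_bits() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 -o -perm -1000 \
        -o -perm -0100 -o -perm -0010 -o -perm -0001 \) -print
}

# Read/write bits of a path as six characters, e.g. "rwrwr-".
rw_bits() {
    ls -ld -- "$1" | cut -c2,3,5,6,8,9
}

# Files whose read/write bits differ from those of their directory.
files_with_mismatched_rw() {
    find "$1" -type f -print | while IFS= read -r f; do
        [ "$(rw_bits "$f")" = "$(rw_bits "$(dirname -- "$f")")" ] ||
            printf '%s\n' "$f"
    done
}

# World-writable directories without the sticky bit: any user can delete
# or replace fonts that another user generated there.
dirs_without_sticky() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print
}

# Run all checks; print findings per check, return 1 if there are any.
audit_font_tree() {
    rc=0
    for check in files_with_forbidden_bits files_with_mismatched_rw \
                 dirs_without_sticky; do
        out=$("$check" "$1")
        [ -z "$out" ] && continue
        printf '%s:\n%s\n' "$check" "$out"
        rc=1
    done
    return "$rc"
}

# Usage: sh audit-fonts.sh /path/to/fonts
[ -z "${1:-}" ] || audit_font_tree "$1"
```

Files placed in the tree by something other than the `mktex...' scripts are not bound by these rules and may be reported by the second check.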


Copyright 2003 by The Free Software Foundation. Updated Jun 2003.