On Thu, May 11, 2006 at 04:45:52PM +0200, Frank Küster wrote:
> > Isn't it possible to create a tex user and have that user (via setuid
> > binaries) manage the shared data in a safe way?
>
> Never thought about that. Yes, it seems possible, but it's *not*
> trivial. The executables that are called to generate the fonts are
> simple shell scripts, and setuid shell scripts aren't possible on Linux
> (and you don't want them, anyway). The shell scripts call mf, a real
> binary, but this is also meant to be used directly and can't be setuid.

That was my target when writing the libkpathsea-perl package: reimplement the mktex* scripts in Perl and then have them be setuid/setgid (or more likely now, as suidperl is deprecated, have a compiled setuid/gid wrapper call the Perl scripts).

A simple way to do it without the Perl stuff is just to move the shell scripts to /usr/share/tex or wherever and replace them with setuid/gid compiled wrappers.

The difficulty is more subtle, though: since the contents of texmf.cnf and environment variables can significantly affect the behaviour of the scripts, it must be determined which of the following is the case:

(1) The generated files will be identical both in generation (using only system files) and in intended destination path (filename + path) whether or not the user's configuration is read --> can run as setuid/gid with all user configuration cleaned up

(2) The generated files will be installed in a personal location if run with the user's configuration --> run as user

(3) The generated files will be distinct or have distinct system-wide locations depending upon whether or not the user's configuration is used --> either give up with an error message, or ignore the user's configuration and run setuid/gid with an appropriate warning message

But distinguishing between (1) and (3), in general, means running the whole mktex* script and looking at all files used throughout the process. And a user might be unhappy about having their local changes ignored ....

Julian
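
Added example, not part of the original message or of any package it mentions: a sketch of the compiled setuid/gid wrapper for the branch where the user's configuration is cleaned up before the relocated script runs. The script path `/usr/share/tex/mktexpk`, the dedicated tex account and the one-entry keep list are assumptions; the wrapper does not decide which of cases (1) to (3) applies.

```c
#define _DEFAULT_SOURCE 1   /* exposes setreuid()/setregid() in strict modes */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
/* Assumption: the original shell script was moved here and this binary,
 * installed setuid/setgid to a dedicated tex account, took its place. */
#define REAL_SCRIPT "/usr/share/tex/mktexpk"
#define MAX_ENV 8

/* Only these caller variables survive. Everything else, including the
 * kpathsea ones (TEXMFCNF, TEXINPUTS, MFINPUTS, ...), IFS, ENV and
 * BASH_ENV, is dropped, so the script sees system configuration only. */
static const char *const keep[] = { "TERM", NULL };

/* Build a minimal environment in out[] (capacity cap >= 3, NULL-terminated).
 * Returns the number of entries written, not counting the NULL. */
size_t clean_env(char *const in[], char *out[], size_t cap)
{
    size_t n = 0;
    out[n++] = "PATH=/usr/bin:/bin";   /* fixed, never the caller's PATH */
    out[n++] = "LC_ALL=C";
    for (size_t i = 0; in && in[i]; i++) {
        for (size_t k = 0; keep[k]; k++) {
            size_t len = strlen(keep[k]);
            /* exact name match: "TERM=..." passes, "TERMCAP=..." does not */
            if (n + 1 < cap && strncmp(in[i], keep[k], len) == 0
                && in[i][len] == '=')
                out[n++] = in[i];
        }
    }
    out[n] = NULL;
    return n;
}

int main(int argc, char *argv[])
{
    extern char **environ;
    char *env[MAX_ENV];
    clean_env(environ, env, MAX_ENV);
    /* Real ids := effective ids, so the shell keeps them; group first. */
    if (setregid(getegid(), getegid()) != 0 ||
        setreuid(geteuid(), geteuid()) != 0) {
        perror("setre[ug]id");
        return 1;
    }
    execve(REAL_SCRIPT, argv, env);    /* returns only on failure */
    perror(REAL_SCRIPT);
    return 127;
}
```

Command-line arguments are passed through unchanged here; a real wrapper would also have to vet any option that selects the destination directory.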