Ralf Stubner wrote:
> On Sat, Sep 30, 2006 at 18:12 +0100, Thiemo Seufer wrote:
> > Frank Küster wrote:
> > > Thiemo Seufer <[EMAIL PROTECTED]> wrote:
> > > >
> > > > So, if I understand that correctly, the bug was fixed by running mktexmf
> > > > as non-root, and the change of the cache location is only a collateral.
> > >
> > > No, or I do not understand what you mean.
> >
> > I meant the the earlier security bug you mentioned. To me, the solution
> > for the earlier bug as well as the current one looks like keeping the
> > font cache in /var but maintaining it via a mktexmf user.
>
> The problem is that mktexmf is a shell script (=no suid possible) that
> is started with the rights of the user. So the former solution required
> all users that wanted to use TeX to have write access below
> /var/cache/fonts.
Then I fail to understand
a) why the old solution was a security problem when it does something
similiar to e.g. /var/mail, and leaves the root-reserved part of
the filesystem free,
b) why moving the cache to $HOME or /tmp fixed the problem, given
that all three probably reside on the same partition.
Thiemo
