On Wed, 13 Sep 2000, John Levon wrote:
> On Wed, 13 Sep 2000, Arnd Hanses wrote:
>
> How would this even be possible ? We are discussing the safety of gettext
> calls, the only way this could be a problem is if a) someone made LyX suid
> or b) someone used LyX in a suid app

Or c) user root using LyX. But remember that security also means
protecting user privacy.

> The only security concerns I can see for LyX is /tmp races if LyX is
> run as root, or a privileged user of some sort, and the
> attachment/macro virus stuff, which I believe the interested parties
> are very very aware of ;)

The /tmp races could be avoided by creating a temporary directory, say
~/.lyx/tmp and using it instead of /tmp. I personally dislike the use of a
globally writable directory and consider this one of the main flaws in
most of the UNIX utilities.

Unless I use "umask 077" in my .profile, for example, LyX creates its
temporary files and directories under /tmp with global read permission, so
any user in my system can "cd /tmp/lyx_tmp5289aaa/lyx_bufrtmp5289aaa" and
read the contents of any file. This may not be good if I'm writing my
future plans for total domination. :-)

One alternative is to install LyX under its own directory tree by
configuring it with "--prefix=/usr/local/lyx" and create a script named
/usr/local/bin/lyx containing

    #!/bin/sh
    # protect privacy of lyx_tmp*
    umask 077
    exec /usr/local/lyx/bin/lyx "$@"

This works well, but has a drawback: all files created by LyX will be go-rwx,
even those under the home directory.

--
Carlos A. M. dos Santos
Federal University of Pelotas Meteorological Research Center
Av. Ildefonso Simoes Lopes 2791 Pelotas, RS, Brasil, CEP 96060-290
WWW: http://www.cpmet.ufpel.tche.br RENPAC (X.25): 153231641
Phone: +55 53 277-6767 FAX: +55 53 277-6722
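
An added example, not part of the original message and not LyX code: a C sketch of how a program can keep its scratch files private without changing the umask, so files saved elsewhere keep their normal permissions. The function names and the "lyx_tmp." prefix are assumptions made for the illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Make a scratch directory under `base`. mkdtemp() picks an unpredictable
 * name, fails rather than reuse an existing one, and creates the directory
 * with mode 0700 whatever the umask. "lyx_tmp." is an illustrative prefix. */
int make_private_dir(const char *base, char *out, size_t outlen) {
    int n = snprintf(out, outlen, "%s/lyx_tmp.XXXXXX", base);
    if (n < 0 || (size_t)n >= outlen) return -1;
    return mkdtemp(out) ? 0 : -1;
}

/* Create a new file at `path`. O_EXCL makes open() fail if anything,
 * a symlink included, already exists under that name. Returns fd or -1. */
int create_private_file(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Permission bits of `path` (symlinks not followed), or -1 on error. */
int mode_of(const char *path) {
    struct stat st;
    return lstat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Under an ordinary umask of 022: returns the scratch directory's mode and
 * stores the scratch file's mode in *file_mode, then cleans up. */
int demo(const char *base, int *file_mode) {
    char dir[4096], path[4200];
    mode_t old = umask(022);
    int dmode = -1, fd;
    *file_mode = -1;
    if (make_private_dir(base, dir, sizeof dir) == 0) {
        dmode = mode_of(dir);
        snprintf(path, sizeof path, "%s/buffer.tex", dir);
        if ((fd = create_private_file(path)) >= 0) {
            *file_mode = mode_of(path);
            close(fd);
            unlink(path);
        }
        rmdir(dir);
    }
    umask(old);
    return dmode;
}
```

Because the directory itself is 0700, other users cannot enter it or plant names in it, which covers both the read exposure and the race, whether `base` is /tmp or a directory under the user's home.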