Copyright (C) 2000-2012
GNU Info (kpathsea.info)Security

Security
========

None of the programs in the TeX system require any special system privileges, so there's no first-level security concern of people gaining illegitimate root access.

A TeX document, however, can write to arbitrary files, e.g., `~/.rhosts', and thus an unwitting user who runs TeX on a random document is vulnerable to a trojan horse attack. This loophole is closed by default, but you can be permissive if you so desire in `texmf.cnf'. Note: tex invocation. MetaPost has the same issue.

Dvips, Xdvi, and TeX can also execute shell commands under some circumstances. To disable this, see the `-R' option in Note: Option details, the xdvi man page, and Note: tex invocation, respectively.

Another security issue arises because it's very useful--almost necessary--to make arbitrary fonts on user demand with `mktexpk' and friends. Where do these files get installed? By default, the `mktexpk' distributed with Kpathsea assumes a world-writable `/var/tmp' directory; this is a simple and convenient approach, but it may not suit your situation because it means that a local cache of fonts is created on every machine.

To avoid this duplication, many people consider a shared, globally writable font tree desirable, in spite of the potential security problems. To do this you should change the value of `VARTEXFONTS' in `texmf.cnf' to refer to some globally known directory. Note: mktex configuration.

The first restriction you can apply is to make newly-created directories under `texmf' be append-only with an option in `mktex.cnf'. Note: mktex configuration.

Another approach is to establish a group (or user) for TeX files, make the `texmf' tree writable only to that group (or user), and make `mktexpk' et al. setgid to that group (or setuid to that user). Then users must invoke the scripts to install things. (If you're worried about the inevitable security holes in scripts, then you could write a C wrapper to exec the script.)

The `mktex...' scripts install files with the same read and write permissions as the directory they are installed in. The executable, sgid, suid, and sticky bits are always cleared.

Any directories created by the `mktex...' scripts have the same permissions as their parent directory, unless the `appendonlydir' feature is used, in which case the sticky bit is always set.
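The permission rules above can be checked on an existing font cache. The shell function below is an added example, not part of Kpathsea or of the original page: it reports regular files carrying bits that the `mktex...' scripts always clear, and world-writable directories that lack the sticky bit. Treating the latter as a finding is this example's own policy for a shared tree; the function names, the sample tree and its file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a font cache tree against the permission rules above.

# audit_font_tree DIR prints one finding per line, nothing if the tree is clean:
#   FILE-BITS    regular file with an executable, suid, sgid or sticky bit
#   DIR-NOSTICKY world-writable directory without the sticky bit
audit_font_tree() {
    tree=$1
    # "-perm -N" is true only when every bit in N is set, so OR the single bits.
    find "$tree" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \
        -o -perm -4000 -o -perm -2000 -o -perm -1000 \) -print |
        sed 's/^/FILE-BITS /'
    find "$tree" -type d -perm -0002 ! -perm -1000 -print |
        sed 's/^/DIR-NOSTICKY /'
}

# make_sample_tree builds a constructed tree for the demonstration and
# prints its path. All directory and file names here are made up.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/pk/open" "$root/pk/appendonly" "$root/pk/group"
    chmod 0755 "$root/pk"
    chmod 0777 "$root/pk/open"        # world-writable, no sticky: reported
    chmod 1777 "$root/pk/appendonly"  # world-writable with sticky: accepted
    chmod 0775 "$root/pk/group"       # writable by a TeX group only: accepted
    : > "$root/pk/group/cmr10.600pk"; chmod 0664 "$root/pk/group/cmr10.600pk"
    : > "$root/pk/open/bad.600pk";    chmod 0755 "$root/pk/open/bad.600pk"
    printf '%s\n' "$root"
}

# Demonstration on the constructed tree.
sample=$(make_sample_tree) && audit_font_tree "$sample"
rm -rf "$sample"
```

To audit a real installation, pass the directory that `VARTEXFONTS' refers to as the argument of `audit_font_tree'.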