Info Node: (kpathsea.info)Security

Next: TeX directory structure Prev: Custom installation Up: Installation

Security
========

  None of the programs in the TeX system require any special system
privileges, so there's no first-level security concern of people gaining
illegitimate root access.

  A TeX document, however, can write to arbitrary files, e.g.,
`~/.rhosts', and thus an unwitting user who runs TeX on a random
document is vulnerable to a trojan horse attack.  This loophole is
closed by default, but you can be permissive if you so desire in
`texmf.cnf'; see the node `tex invocation'.  MetaPost has the same
issue.

  Dvips, Xdvi, and TeX can also execute shell commands under some
circumstances.  To disable this, see the `-R' option under the node
`Option details' (for Dvips), the xdvi man page (for Xdvi), and the
node `tex invocation' (for TeX), respectively.

  Another security issue arises because it's very useful--almost
necessary--to make arbitrary fonts on user demand with `mktexpk' and
friends.  Where do these files get installed?  By default, the
`mktexpk' distributed with Kpathsea assumes a world-writable `/var/tmp'
directory; this is a simple and convenient approach, but it may not
suit your situation because it means that a local cache of fonts is
created on every machine.

  To avoid this duplication, many people consider a shared, globally
writable font tree desirable, in spite of the potential security
problems.  To do this you should change the value of `VARTEXFONTS' in
`texmf.cnf' to refer to some globally known directory; see the node
`mktex configuration'.

  The first restriction you can apply is to make newly-created
directories under `texmf' be append-only with an option in `mktex.cnf';
see the node `mktex configuration'.

  Another approach is to establish a group (or user) for TeX files,
make the `texmf' tree writable only to that group (or user), and make
`mktexpk' et al. setgid to that group (or setuid to that user).  Then
users must invoke the scripts to install things.  (If you're worried
about the inevitable security holes in scripts, then you could write a
C wrapper to exec the script.)

  The `mktex...' scripts install files with the same read and write
permissions as the directory they are installed in.  The executable,
sgid, suid, and sticky bits are always cleared.

  Any directories created by the `mktex...' scripts have the same
permissions as their parent directory, unless the `appendonlydir'
feature is used, in which case the sticky bit is always set.
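
  As an added example (not part of the kpathsea manual or its scripts),
the following POSIX shell function audits a shared font tree such as
the directory `VARTEXFONTS' points at, checking the two properties just
described: installed files carry no executable, setuid, setgid or
sticky bit, and, when `appendonlydir' is in use, every directory below
the root has the sticky bit.  The function name, its `appendonly'
argument and the reporting format are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the kpathsea manual: audit a font tree (for
# instance the directory VARTEXFONTS points at) for the two properties
# the manual states about files installed by the mktex scripts:
#   1. no installed file carries the executable, setuid, setgid or
#      sticky bit;
#   2. when the appendonlydir feature is in use, every directory below
#      the tree root has the sticky bit set.
# Usage: audit_font_tree TREE [appendonly]
# Each violation is reported on stderr; the total count goes to stdout,
# so 0 means the tree looks as the manual describes.

count_lines() {
    # Number of lines in $1 (0 for the empty string).
    if [ -n "$1" ]; then printf '%s\n' "$1" | wc -l; else echo 0; fi
}

audit_font_tree() {
    tree=$1
    mode=${2:-plain}
    # Property 1: regular files with any execute bit, setuid (4000),
    # setgid (2000) or sticky (1000) bit set.  '-perm -mode' is the
    # POSIX "all of these bits are set" form.
    bad_files=$(find "$tree" -type f \( -perm -u+x -o -perm -g+x \
        -o -perm -o+x -o -perm -4000 -o -perm -2000 -o -perm -1000 \) -print)
    # Property 2: directories other than the root (which the admin
    # creates by hand) lacking the sticky bit; only checked when the
    # caller says the tree is run with appendonlydir.
    bad_dirs=
    if [ "$mode" = appendonly ]; then
        bad_dirs=$(find "$tree" -type d ! -path "$tree" ! -perm -1000 -print)
    fi
    [ -n "$bad_files" ] && printf '%s\n' "$bad_files" \
        | sed 's/^/file has x\/s\/t bit set: /' >&2
    [ -n "$bad_dirs" ] && printf '%s\n' "$bad_dirs" \
        | sed 's/^/directory lacks sticky bit: /' >&2
    echo $(( $(count_lines "$bad_files") + $(count_lines "$bad_dirs") ))
}
```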
