On Sat, Sep 30, 2006 at 18:12 +0100, Thiemo Seufer wrote: > Frank Küster wrote: > > Thiemo Seufer <[EMAIL PROTECTED]> wrote: > > > > > > So, if I understand that correctly, the bug was fixed by running mktexmf > > > as non-root, and the change of the cache location is only a collateral. > > > > No, or I do not understand what you mean. > > I meant the the earlier security bug you mentioned. To me, the solution > for the earlier bug as well as the current one looks like keeping the > font cache in /var but maintaining it via a mktexmf user.
The problem is that mktexmf is a shell script (=no suid possible) that is started with the rights of the user. So the former solution required all users that wanted to use TeX to have write access below /var/cache/fonts. In addition for buildds the default now-questions- asked installation had to have directories below /var/cache/fonts with world write access. We had a system to restrict these rights to some group, but the debconf question and code were quite complicated and confused many users. cheerio ralf