[subversion-commit] SVN tex-common commit + diffs: r899 - tex-common/trunk/debian

Fri, 17 Feb 2006 01:53:09 -0800 

Author: frank
Date: 2006-02-17 09:52:43 +0000 (Fri, 17 Feb 2006)
New Revision: 899

Added:
   tex-common/trunk/debian/README.Debian
Modified:
   tex-common/trunk/debian/postinst.in
Log:
- do manage ls-R permissions/ownership if it is present
- add a README.Debian to document the security concerns

Added: tex-common/trunk/debian/README.Debian
===================================================================
--- tex-common/trunk/debian/README.Debian       2006-02-16 17:00:16 UTC (rev 
898)
+++ tex-common/trunk/debian/README.Debian       2006-02-17 09:52:43 UTC (rev 
899)
@@ -0,0 +1,20 @@
+
+Security information:
+=====================
+
+By default and according to long-standing tradition, the TeX font
+cache directory /var/cache/fonts is writable by the "users" group.
+Since this allows every group member to create arbitrary files on the
+/var partition, this might be a security risk, depending on local
+requirements and policy.
+
+If you don't like this, use "dpkg-reconfigure tex-common" to switch
+group ownership of the directory to a different group, or remove the
+group write permission.  In this case, the local administrator should
+probably fill the font cache, using the commands "allneeded" or
+"allcm" and "allec" in the teTeX or TeXlive packages.
+
+Alternatively, you could put /var/cache/fonts on a different
+partition, e.g. using bind-mount.
+
+ -- Frank K�ster <[EMAIL PROTECTED]>, Fri Feb 17 10:53:28 2006

Modified: tex-common/trunk/debian/postinst.in
===================================================================
--- tex-common/trunk/debian/postinst.in 2006-02-16 17:00:16 UTC (rev 898)
+++ tex-common/trunk/debian/postinst.in 2006-02-17 09:52:43 UTC (rev 899)
@@ -121,9 +121,13 @@
       db_get tex-common/groupname || true
       GROUP="$RET"
       if [ -n "$GROUP" ] ; then
-       echo -n "Adjusting permissions of TeX font cache ... "
+       echo -n "Adjusting permissions of TeX font cache... "
         find /var/cache/fonts -type d -print0 | xargs -0r chmod 
$FONTCACHE_PERMS
        find /var/cache/fonts -type d -print0 | xargs -0r chown "root:$GROUP"
+       if [ -f /var/cache/fonts/ls-R ]; then
+         chmod 664 /var/cache/fonts/ls-R
+         chown "root:$GROUP" /var/cache/fonts/ls-R
+       fi
        echo "done."
       fi
     fi


_______________________________________________
Pkg-tetex-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/pkg-tetex-commits

Reply via email to