Bug#1029913: Fwd: Bug#1029913: texlive-pictures: /usr/share/texlive/texmf-dist/scripts/epspdf/epspdf.tlu: /tmp write vulnerability

2023-02-24 Thread Hilmar Preuße

On 2/15/23 18:51, Frank Heckenbach wrote:

Hi Frank,


> Of course, chdir into /tmp is a bit risky as any file creation
> before the next chdir would be susceptible to the same problem, but
> I assume you made sure this won't happen.
> 
> BTW, when I looked at the changes made, I noticed this:
> 
>    io.stdout:write('cannot cd into '..d..'\n')
> 
> I don't know much about Lua conventions, but normally I'd expect
> such messages to be written to stderr, not stdout.


If you think there are still things which need to be improved, please
be so kind as to open a new bug with lower severity. This one is closed and
will get archived soon.

Hilmar
--
Testmail



Bug#1029913: Fwd: Bug#1029913: texlive-pictures: /usr/share/texlive/texmf-dist/scripts/epspdf/epspdf.tlu: /tmp write vulnerability

2023-02-15 Thread Frank Heckenbach
Siep Kroonenberg wrote:

> The problem was that the test was specifically for a file rather
> than for any filesystem item.
> 
> In the updated TL package, the test has been removed altogether
> since there was already a later test for successful generation of a
> temp subdirectory.
> 
> The updated package is now available as both a CTAN package and a TL
> package.

I tried it, and it fixes the problem as I reported.

Of course, chdir into /tmp is a bit risky as any file creation
before the next chdir would be susceptible to the same problem, but
I assume you made sure this won't happen.

BTW, when I looked at the changes made, I noticed this:

  io.stdout:write('cannot cd into '..d..'\n')

I don't know much about Lua conventions, but normally I'd expect
such messages to be written to stderr, not stdout.
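As an added illustration of the two checks Siep contrasts above (a test only for a regular file versus relying on whether creation of the temp subdirectory succeeds), here is a small Python model; it is not epspdf's Lua code and the function names and the sandbox directory are constructed for this example. Diagnostics go to stderr, as Frank suggests.

```python
import os
import sys
import tempfile


def weak_check(path):
    """Models the pattern the report describes: refuses only a regular
    file, so a directory or other item already at `path` passes."""
    return not os.path.isfile(path)


def make_work_dir(base, name):
    """Create base/name with mode 0700 and use the outcome of mkdir itself
    as the test: it fails for *any* pre-existing filesystem item, and the
    check and the creation are one atomic step (no window between them)."""
    path = os.path.join(base, name)
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        # diagnostics belong on stderr, not stdout
        sys.stderr.write("cannot create work dir %s: already exists\n" % path)
        return None
    return path


def demo():
    """Run both checks against a pre-planted directory in a private
    stand-in for a shared /tmp (constructed sandbox, removed by nothing
    here; tempfile.mkdtemp keeps it private to the caller)."""
    shared = tempfile.mkdtemp()
    planted = os.path.join(shared, "epspdf-work")
    os.mkdir(planted)  # an existing *directory*, not a regular file
    return {
        # the file-only test does not notice the directory
        "weak_check_passes": weak_check(planted),
        # mkdir refuses because something is already there
        "mkdir_check_refuses": make_work_dir(shared, "epspdf-work") is None,
        # a name nobody has claimed is created normally
        "fresh_name_ok": make_work_dir(shared, "epspdf-work-2") is not None,
    }
```

Work inside the created directory by absolute path rather than with chdir, so no later file creation silently lands in the shared parent.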