On Jan 16, Tomas G. Rokicki wrote:
> Dvips has *always* searched in the current directory first for virtually
> all files, config files, tfm files, vf files, figure files, header files,
> etc. So all the blame on that goes to me. This was intended as a
> feature; users sometimes want to override something, much like TeX
> searches for input files starting in the current directory and then
> moving on to the system directories and so on.
not a problem for "regular" files (TFM/PS/..). for file content, the normal
file permissions/ownership is enough.
only config files with "external commands" and (or specs for output filenames etc.)
are special...
> >From a security standpoint, this is clearly bad, as you say. But I'm
> not sure disabling search for config files in . is, at this point,
> a great solution. I'm sure many people use this extensively, and
neither do I
> we will totally break them if we make this change. For instance, what
> about .dvipsrc, which is *intended* as a place for the user to specify
> default config options for dvips, and it is searched for in $HOME,
> which is often the current working directory of people running dvips
> as well?
only some options shouldn't be allowed from "untrusted" config file.
setup for search paths for reading, printer data (paper size, resolution)
can still be defined by the user. only "o ..." option and maybe others
need to be blocked.
I just thought about trusting config.ps files, if I (user running dvips)
is the file owner. again bad idea, at least on SYSV boxes -- there
BadGuy just needs to run "chown GoodGuy /tmp/config.ps" and you're in trouble again:(
Harald Koenig
--
"I hope to die ___ _____
before I *have* to use Microsoft Word.", 0--,| /OOOOOOO\
Donald E. Knuth, 02-Oct-2001 in Tuebingen. <_/ / /OOOOOOOOOOO\
\ \/OOOOOOOOOOOOOOO\
\ OOOOOOOOOOOOOOOOO|//
Harald Koenig \/\/\/\/\/\/\/\/\/
science+computing ag // / \\ \
[EMAIL PROTECTED] ^^^^^ ^^^^^
