On Thu, 15 Jun 2000, Karsten Tinnefeld wrote:
> In general, only three ways can really help, where at my site, version
> 3 is the preferred ones to our system administrators:
>
> + Turn everythink into a taint checking perl script, or, even more secure, a
> c program.
>
> + Use a setuid-manager to run under a restricted root account.
>
> + Make the database directories writable to some non-privileged user who
> texhashes regularly. Maybe create a pseudo account for this.
This third option really makes the most sense. The first two require
considerable effort, which defeats the purpose packages like teTeX that
are intended to do some useful work but clearly do not get the level of
development effort needed to implement the level of security needed
on many systems. Either of the first two options makes it harder to
implement changes and, in the event of a disaster, makes it harder to
track down the causes.
> --
> Karsten Tinnefeld [EMAIL PROTECTED]
> Fachbereich Informatik, Lehrstuhl 2 T +49 231 755-4737
> Universität Dortmund, D-44221 Dortmund, Deutschland F +49 231 755-2047
--
George White <[EMAIL PROTECTED]> Halifax, Nova Scotia
