[tex-k] Kpathsea and SUID/SGID programs
Olaf Weber
olaf at infovore.xs4all.nl
Mon May 17 22:53:17 CEST 2004
Jan Vida writes:
> Hello
> While working for my school project I've found that kpathsea doesn't
> handle well SUID and SGID programs. The problem lies in the function
> kpse_readable_file() in file readable.c, which checks permissions for
> found files. It relies on the system function access() (via macro
> READABLE). Unfortunately, this call doesn't take into account rights
> gained by the SUID/SGID mechanism and so might fail, even when the calling
> program does in fact have the right to read the found file.
It is arguable whether this is a feature or a bug. This gets into the
area of what security model libkpathsea should be supporting, which is
something that hasn't been really worked out.
--
Olaf Weber
(This space left blank for technical reasons.)
More information about the tex-k
mailing list