[tex-live] Recommended way to call tlmgr when TeX Live installed with root permissions

Scott Kostyshak skostysh at lyx.org
Sun Aug 31 06:15:16 CEST 2014


On Fri, Aug 29, 2014 at 11:59 PM, Norbert Preining <preining at logic.at> wrote:
> Hi,
>
> On Fri, 29 Aug 2014, Scott Kostyshak wrote:
>> Suppose that TeX Live is installed to /opt/texbin and requires root
>> permissions to call tlmgr to update the installation. What are the
>> recommended ways to call tlmgr? I see two approaches:
>>
>> 1. call it directly: sudo /opt/texbin/tlmgr (or create an alias)
>> 2. add /opt/texbin to root's PATH.
>>
>> (2) seems to be the most convenient option but I imagine it's not a
>> good idea from a security perspective. If this is true, could someone
>> outline a case where this would lead to a security vulnerability?
>
> Both are fine. Why should adding /opt/texbin increase the
> security vulnerability?
>
> If someone is already root, he can call /opt/texbin/whatever
> without having it in the path.

I was thinking more that if an intruder somehow has access to
/opt/texbin (without having full root permissions), they could do
something like put an executable file "ls" in there and thus trick
root into running arbitrary commands (or if PATH precedence would
obviate that, then "l" or some common misspelled command). I suppose
if they had access to /opt/texbin though, they could modify tlmgr
which would cause the same security problem for any solution. Sounds
like I'm thinking harder than I need to about this.

Thanks for the advice,

Scott


More information about the tex-live mailing list