[luatex] File permissions for luatex PDF output

Khaled Hosny khaledhosny at eglug.org
Sun Sep 5 16:30:29 CEST 2010


On Sun, Sep 05, 2010 at 03:53:36PM +0200, Ulrik Vieth wrote:
> I just made an interesting observation, which may have potential
> security implications.
> 
> Somehow PDF and AUX files from LuaLaTeX have file permissions 666,
> whereas LOG files have file permission 644 (according to umask 022).
> 
> In other words, PDF and AUX files generated by LuaLaTeX could become
> world-writable to other users on a multi-user system.
> 
> What I find strange is that it happens when I run LuaLaTeX test files
> using OpenType math fonts. It does not happen for ConTeXt test files.
> 
> It does not happen for plain LuaTeX with TFM fonts, e.g. "luatex story"
> It does not happen for LuaLaTeX with TFM fonts, e.g. "lualatex sample2e"
> 
> It does however, happen, with plain LuaTeX when I load luaotfload,e.g.
> 
> luatex
> \relax
> \input luatofload.sty
> \input story
> \bye
> 
> Is there anything in luaotfload which instruments the file output
> mechanism for PDF and AUX files, but fails to consider the umask?

I don't have the slightest idea what would be causing that.

Regards,
 Khaled

-- 
 Khaled Hosny
 Arabic localiser and member of Arabeyes.org team
 Free font developer


More information about the luatex mailing list