[OS X TeX] tlmgr

Peter Dyballa Peter_Dyballa at Web.DE
Sat Oct 18 22:49:58 CEST 2008


Am 17.10.2008 um 02:01 schrieb Dr. Clea F. Rees:

> The MacTeX wiki currently recommends running:
> 	sudo tlmgr update --all
>
> Question: is there some reason to prefer this to:
> 	sudo -H tlmgr update --all

There is one quite good reason: avoiding danger.

An attacker might leave in ~/bin a script or programme, it could have  
been downloaded by visiting some web page or viewing some graphics  
file or movie. Let's assume it has a name like kpsewhich or updmap.  
In a simple sudo situation ~/bin is in root's search PATH and ~/bin/ 
kpsewhich or ~/bin/updmap could be executed with elevated privileges.  
In a 'sudo -H' situation ~/bin becomes root's private bin directory,  
i.e., /var/root/bin – which usually does not exist at all. No danger.  
Security.

--
Greetings

   Pete

This is a signature virus.  Add me to your signature and help me to live





More information about the macostex-archives mailing list