[OS X TeX] tlmgr
Peter Dyballa
Peter_Dyballa at Web.DE
Sat Oct 18 22:49:58 CEST 2008
On 17.10.2008 at 02:01, Dr. Clea F. Rees wrote:
> The MacTeX wiki currently recommends running:
> sudo tlmgr update --all
>
> Question: is there some reason to prefer this to:
> sudo -H tlmgr update --all
There is one quite good reason: avoiding danger.
An attacker might leave a script or programme in ~/bin; it could have
been downloaded by visiting some web page or viewing some graphics
file or movie. Let's assume it has a name like kpsewhich or updmap.
In a simple sudo situation ~/bin is in root's search PATH and
~/bin/kpsewhich or ~/bin/updmap could be executed with elevated privileges.
In a 'sudo -H' situation ~/bin becomes root's private bin directory,
i.e., /var/root/bin – which usually does not exist at all. No danger.
Security.
--
Greetings
Pete
This is a signature virus. Add me to your signature and help me to live
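
A defender-side check for the situation described in the message above, as an added example that is not part of the original post: run as the normal user (without sudo), it lists executables named like the TeX helpers mentioned there that sit in PATH directories the user can write to. The function name `find_shadows` is hypothetical, and the list of names passed to it is an assumption to adjust.

```shell
#!/bin/sh
# Added example (not from the original post).
# find_shadows PATHSTRING NAME...
# Prints "dir/name" for every NAME found as an executable regular file in a
# PATH directory that the current user can write to. Any such directory is a
# place where code running as that user could drop a look-alike helper.
# The body runs in a subshell so the IFS and globbing changes stay local.
find_shadows() (
    path_string=$1
    shift
    IFS=:
    set -f                          # no filename expansion while splitting
    for dir in $path_string; do
        # An empty PATH component means the current directory.
        if [ -z "$dir" ]; then
            dir=.
        fi
        # Skip missing directories and ones this user cannot write to.
        if [ ! -d "$dir" ] || [ ! -w "$dir" ]; then
            continue
        fi
        for name in "$@"; do
            if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
                printf '%s\n' "$dir/$name"
            fi
        done
    done
)

# Check the current PATH for the helper names mentioned in the message,
# plus tlmgr itself. Run this as the normal user, not through sudo.
find_shadows "$PATH" kpsewhich updmap tlmgr
```

Any line of output is a file worth inspecting before running tlmgr with elevated privileges.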