[OS X TeX] tlmgr

cfrees at imapmail.org cfrees at imapmail.org
Sun Oct 19 00:00:41 CEST 2008


On Sat 18th Oct, 2008 at 22:49, Peter Dyballa seems to have written:

>
> Am 17.10.2008 um 02:01 schrieb Dr. Clea F. Rees:
>
>> The MacTeX wiki currently recommends running:
>> 	sudo tlmgr update --all
>> 
>> Question: is there some reason to prefer this to:
>> 	sudo -H tlmgr update --all
>
> There is one quite good reason: avoiding danger.
>
> An attacker might leave in ~/bin a script or programme, it could have been 
> downloaded by visiting some web page or viewing some graphics file or movie. 
> Let's assume it has a name like kpsewhich or updmap. In a simple sudo 
> situation ~/bin is in root's search PATH and ~/bin/kpsewhich or ~/bin/updmap 
> could be executed with elevated privileges. In a 'sudo -H' situation ~/bin 
> becomes root's private bin directory, i.e., /var/root/bin ? which usually 
> does not exist at all. No danger. Security.

That's actually a reason *against* the current recommendation, though,
right? That is, it is a reason to prefer
 	sudo -H
to
 	sudo
rather than the other way around.

In fact, though, it makes no difference from a security point of view.
The *expanded* value of PATH is inherited so -H doesn't affect it. So
the choice to use -H or not makes no difference so far as security is
concerned.

- cfr



More information about the macostex-archives mailing list