Hi Nelson,

>>>>> "Nelson" == Nelson H F Beebe <beebe at math.utah.edu> writes:

  > Reinhard Kotucha <reinhard.kotucha at web.de> writes today on this
  > list:

  >>> If absolute paths are disallowed, what can be damaged if you "cd
  >>> /tmp" before you execute anything?

  > Perhaps not damaged, but on some systems, that simply won't work.

  > Recent GNU/Linux, and possibly other operating systems, allow
  > filesystem mounts in no-execute mode, and some systems are set to
  > mount /tmp and /var/tmp that way.  It is then impossible to run
  > any executable that resides in those directory trees without first
  > copying it to some other filesystem.  Of course, for shell
  > scripts, one can still do "sh < /tmp/malicious-script.sh", "perl <
  > /tmp/nasty-stuff.pl", and so on.

thanks for the hint.  I'll keep it in mind when I write scripts.
Fortunately, the program getnonfreefonts(1) in TeXLive-2005 executes
programs in $TMP rather than in /tmp.  The next version will check
whether /tmp is non-executable and provide a message which tells less
experienced users how to proceed.


