[tex-live] README with executable bit on

jfbu jfbu at free.fr
Fri Apr 5 21:18:05 CEST 2013


I just updated TL 2012 on a Mac OS, using TeX Live Utility
I see a small package passing by,  "roundbox" and I want to
read its documentation. Double-Clicking the README icon
pops up a Terminal window and it appears as is some script
was trying to run. 

So I go
to see the actual file:
and it has the executable bit on, although it is a perfectly
innocent text file

  -rwxr-xr-x        945 Apr  4 00:39 README

retrospectively isn't this a potential security problem?

I could have triggered any kind of malicious shell script this way.



More information about the tex-live mailing list