[tex-live] README with executable bit on
jfbu at free.fr
Fri Apr 5 21:18:05 CEST 2013
I just updated TL 2012 on a Mac OS, using TeX Live Utility
I see a small package passing by, "roundbox" and I want to
read its documentation. Double-Clicking the README icon
pops up a Terminal window and it appears as is some script
was trying to run.
So I go
to see the actual file:
and it has the executable bit on, although it is a perfectly
innocent text file
-rwxr-xr-x 945 Apr 4 00:39 README
retrospectively isn't this a potential security problem?
I could have triggered any kind of malicious shell script this way.
More information about the tex-live