[tex-live] Recommended way to call tlmgr when TeX Live installed with root permissions
Zdenek Wagner
zdenek.wagner at gmail.com
Sun Aug 31 10:08:12 CEST 2014
2014-08-31 6:15 GMT+02:00 Scott Kostyshak <skostysh at lyx.org>:
> On Fri, Aug 29, 2014 at 11:59 PM, Norbert Preining <preining at logic.at> wrote:
>> Hi,
>>
> ...
>
> I was thinking more that if an intruder somehow has access to
> /opt/texbin (without having full root permissions), they could do
> something like put an executable file "ls" in there and thus trick
> root into running arbitrary commands (or if PATH precedence would
> obviate that, then "l" or some common misspelled command). I suppose
> if they had access to /opt/texbin though, they could modify tlmgr
> which would cause the same security problem for any solution. Sounds
> like I'm thinking harder than I need to about this.
>
Do you have different permission for subdirectories? If not, the user
who can insert an executable into /opt/textbin, can also run
successfully tlmgr.
> Thanks for the advice,
>
> Scott
--
Zdeněk Wagner
http://hroch486.icpf.cas.cz/wagner/
http://icebearsoft.euweb.cz
More information about the tex-live
mailing list