[tex-live] Recommended way to call tlmgr when TeX Live installed with root permissions

Reinhard Kotucha reinhard.kotucha at web.de
Sun Aug 31 11:43:21 CEST 2014


On 2014-08-31 at 00:15:16 -0400, Scott Kostyshak wrote:

 > On Fri, Aug 29, 2014 at 11:59 PM, Norbert Preining <preining at logic.at> wrote:
 > > Hi,
 > >
 > > On Fri, 29 Aug 2014, Scott Kostyshak wrote:
 > >> Suppose that TeX Live is installed to /opt/texbin and requires root
 > >> permissions to call tlmgr to update the installation. What are the
 > >> recommended ways to call tlmgr? I see two approaches:
 > >>
 > >> 1. call it directly: sudo /opt/texbin/tlmgr (or create an alias)
 > >> 2. add /opt/texbin to root's PATH.
 > >>
 > >> (2) seems to be the most convenient option but I imagine it's
 > >> not a good idea from a security perspective. If this is true,
 > >> could someone outline a case where this would lead to a security
 > >> vulnerability?
 > >
 > > Both are fine. Why should adding /opt/texbin increase the
 > > security vulnerability?
 > >
 > > If someone is already root, he can call /opt/texbin/whatever
 > > without having it in the path.
 > 
 > I was thinking more that if an intruder somehow has access to
 > /opt/texbin (without having full root permissions), they could do
 > something like put an executable file "ls" in there and thus trick
 > root into running arbitrary commands (or if PATH precedence would
 > obviate that, then "l" or some common misspelled command). I
 > suppose if they had access to /opt/texbin though, they could modify
 > tlmgr which would cause the same security problem for any
 > solution. Sounds like I'm thinking harder than I need to about
 > this.

If everything in /opt/texbin is writable by root only then an intruder
needs full root permissions in order to add or modify files.

There is no reason to install TeX Live as root at all.  You could do

  chown -R skostysh:users /opt/texbin

and you don't have to be root in order to run tlmgr.  It's more secure
not to run programs as root.  Alternatively you can create a dedicated
account "texadmin".  The advantage is that it has its own HOME
directory and all the trojan horses you already have in your own HOME
directory are not accessible.

Please keep in mind: if an intruder is able to modify files on your
system, you are already lost.  Sure, it's worse if he can modify files
owned by root because root can do things that normal users can't do.

Regards,
  Reinhard

-- 
------------------------------------------------------------------
Reinhard Kotucha                            Phone: +49-511-3373112
Marschnerstr. 25
D-30167 Hannover                    mailto:reinhard.kotucha at web.de
------------------------------------------------------------------
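
Added example, not part of the original message: a shell check for the condition discussed above, that a directory placed on root's PATH and everything directly in it is owned by one account and not writable by group or others. The function names are hypothetical, GNU find is assumed, and the owner defaults to uid 0 (pass another uid for a dedicated account such as "texadmin").

```shell
#!/bin/sh
# Added example: audit a directory before putting it on a privileged PATH.
# Assumes GNU find (-uid, -perm /mode, -maxdepth).

# unsafe_entries DIR [UID]
# Print DIR itself and every entry directly inside it that is either not
# owned by UID (default 0, i.e. root) or writable by group or others.
# -L makes find test the target of a symlink instead of the link, because
# TeX Live bin directories consist largely of symlinks; a dangling link is
# tested as the link itself and is therefore reported.
unsafe_entries() {
    dir=$1
    uid=${2:-0}
    find -L "$dir" -maxdepth 1 \( ! -uid "$uid" -o -perm /022 \) -print
}

# path_dir_is_safe DIR [UID]
# Succeed only if DIR is a directory and unsafe_entries reports nothing.
# Returns 2 if DIR does not exist, 1 if something unsafe was found.
path_dir_is_safe() {
    [ -d "$1" ] || return 2
    [ -z "$(unsafe_entries "$1" "${2:-0}")" ]
}

# Typical use, with the directory named in this thread:
#   path_dir_is_safe /opt/texbin || unsafe_entries /opt/texbin
```

The check covers the directory and its direct entries only; the parent directories of /opt/texbin and of any symlink targets need the same ownership and mode for the result to mean anything.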

