TeX 1995 July

home *** CD-ROM | disk | FTP | other *** search

/ TeX 1995 July / TeX CD-ROM July 1995 (Disc 1)(Walnut Creek)(1995).ISO / tex-k / tex-k-archive.past / tex-k-archive.gz / tex-k-archive / 000140_klaus@ux7.tfl.dk_Wed Dec 22 20:53:20 1993.msg < prev next >

Wrap

Internet Message Format | 1994-10-11 | 4KB

Received: from ux7.tdr.dk (ux7.tfl.dk) by cs.umb.edu with SMTP id AA17512 (5.65c/IDA-1.4.4 for <tex-k@cs.umb.edu>); Wed, 22 Dec 1993 13:53:25 -0500 Received: by ux7.tdr.dk (/\==/\ Smail3.1.24.1 #24.1) id <m0pCYgT-0001bzC@ux7.tdr.dk>; Wed, 22 Dec 93 19:53 MET Message-Id: <m0pCYgT-0001bzC@ux7.tdr.dk> From: klaus@tdr.dk (Klaus Elmquist Nielsen) Subject: Re: Security and MakeTeXPK To: tex-k@cs.umb.edu Date: Wed, 22 Dec 1993 19:53:20 +0100 (MET) In-Reply-To: <199312220115.UAA28900@phobos.sscl.uwo.ca> from "John Tucker" at Dec 21, 93 08:15:37 pm X-Mailer: ELM [version 2.4 PL21] Content-Type: text Content-Length: 3385 > When installing TeX, I ran across the problem of MakeTeXPK not being able > to access the directory when I ran it as anything except root. Some (many?) sites install their software packages as another user than root. This is more secure in the following sense: The installations scripts is never run as root and this limits the damage they can do to the rest of the system. It is also possible to install each software package under a different user, which ensures that the installation scripts cannot change other software packages. > My possible solution is this: > Create a group called tex and chown the entire TeX hierarchy to root.tex > Having done this, I set all read-only files to 644 and all executable > files to 755 (directories and binaries). MakeTeXPK only needs write access to the directories containing the PK files. There is no point in giving it write access to all your TeX files. > My question is this: If I set > MakeTeXPK to setgid when running (2755), do I introduce a huge > gaping security hole? I know that setuid shell scripts are very insecure. Guess it is the same with setgid shell scripts. Some remarks about the security of MakeTeXPK: (1) Any user can create any number of fonts no matter how secure MakeTeXPK is made. This is because MakeTeXPK is an ordinary command that any user can activate. Maybe quotas can help here (to limit the number of fonts etc), but exactly how many fonts does a user need? Thus there are limits to how secure the idea of MakeTeXPK can be without giving each user its own area for PK files. (2) MakeTeXPK needs write access to the directories which contains the PK files. It may be possible to write a C version which is setuid, and thus get rid of the global write access to the PK directories. This program must call METAFONT without setuid, of cause. But (1) above still applies. (3) What is the worst thing that can happen given global write access to the directories containing PK files? I can think of two things: (a) PK files can be added/deleted/altered. This is unplesant but not fatal. (b) As far as I remember: To use a setuid shell script for a breakin, a writeable directory on the same file system as is all that is needed... If this is true (I don't have the recipe), there may be serious security problems. If you are concerned about having all your PK files in a world writeable directory, then consider having two sets of PK directories. One which is world writeable: generated fonts goes here. And another one which isn't: generated fonts may be copied from the world writeable directory (or regenerated from the list of PK files in the world writeable directory). All the TeX drivers have both of the directories in their search path. The world writeable directory goes last in the search path. This setup ensures that already generated files that are in the non-writeable directory cannot be changed `any user'. Hope this helps. Cheers, Klaus -- Klaus Elmquist Nielsen | Big blues: Tele Danmark Research | Q: Am I uniX? Email: klaus@tdr.dk | A: No! ``Mass production means chemestry, not cookery'', The Chocolate Book (Penguin) ``Hvis Fakta er fakta, s{\aa} er Brugsen fup!''