[subversion-commit] SVN tex-common commit + diffs: r899 - tex-common/trunk/debian

Frank Küster frank at costa.debian.org
Fri Feb 17 09:52:44 UTC 2006 

Author: frank
Date: 2006-02-17 09:52:43 +0000 (Fri, 17 Feb 2006)
New Revision: 899

Added:
   tex-common/trunk/debian/README.Debian
Modified:
   tex-common/trunk/debian/postinst.in
Log:
- do manage ls-R permissions/ownership if it is present
- add a README.Debian to document the security concerns

Added: tex-common/trunk/debian/README.Debian
===================================================================
--- tex-common/trunk/debian/README.Debian	2006-02-16 17:00:16 UTC (rev 898)
+++ tex-common/trunk/debian/README.Debian	2006-02-17 09:52:43 UTC (rev 899)
@@ -0,0 +1,20 @@
+
+Security information:
+=====================
+
+By default and according to long-standing tradition, the TeX font
+cache directory /var/cache/fonts is writable by the "users" group.
+Since this allows every group member to create arbitrary files on the
+/var partition, this might be a security risk, depending on local
+requirements and policy.
+
+If you don't like this, use "dpkg-reconfigure tex-common" to switch
+group ownership of the directory to a different group, or remove the
+group write permission.  In this case, the local administrator should
+probably fill the font cache, using the commands "allneeded" or
+"allcm" and "allec" in the teTeX or TeXlive packages.
+
+Alternatively, you could put /var/cache/fonts on a different
+partition, e.g. using bind-mount.
+
+ -- Frank Küster <frank at debian.org>, Fri Feb 17 10:53:28 2006

Modified: tex-common/trunk/debian/postinst.in
===================================================================
--- tex-common/trunk/debian/postinst.in	2006-02-16 17:00:16 UTC (rev 898)
+++ tex-common/trunk/debian/postinst.in	2006-02-17 09:52:43 UTC (rev 899)
@@ -121,9 +121,13 @@
       db_get tex-common/groupname || true
       GROUP="$RET"
       if [ -n "$GROUP" ] ; then
-	echo -n "Adjusting permissions of TeX font cache ... "
+	echo -n "Adjusting permissions of TeX font cache... "
         find /var/cache/fonts -type d -print0 | xargs -0r chmod $FONTCACHE_PERMS
 	find /var/cache/fonts -type d -print0 | xargs -0r chown "root:$GROUP"
+	if [ -f /var/cache/fonts/ls-R ]; then
+	  chmod 664 /var/cache/fonts/ls-R
+	  chown "root:$GROUP" /var/cache/fonts/ls-R
+	fi
 	echo "done."
       fi
     fi

More information about the Pkg-tetex-commits mailing list