[NTG-context] permissions in luatex-cache
Peter Münster
pmlists at free.fr
Wed Jan 9 23:36:14 CET 2008
On Wed, Jan 09, 2008 at 10:47:16PM +0100, Hans Hagen wrote:
>
> > And do these world writable directories present any security risk?
> > (For example: user A writes some evil code into file
> > $TEXMFCACHE/luatex-cache/context/XXX/fonts/otf/file.otf that makes user B
> > remove all his files when running "texexec --luatex document.tex")
>
> you can use a cache in your home path and make that country or city
> writable
So you mean, there is a security risk, luatex does not check its input and
arbitrary code can be executed?
The disadvantage of one cache per user is, that everybody needs to
regenerate the formats after an update, since the formats are also placed
there...
Cheers, Peter
(it was just a question out of curiosity, on my systems, there are no evil
users of course ;)
--
http://pmrb.free.fr/contact/
More information about the ntg-context
mailing list