[NTG-context] permissions in luatex-cache

Peter Münster pmlists at free.fr
Wed Jan 9 23:36:14 CET 2008


On Wed, Jan 09, 2008 at 10:47:16PM +0100, Hans Hagen wrote:
> 
> > And do these world writable directories present any security risk?
> > (For example: user A writes some evil code into file
> > $TEXMFCACHE/luatex-cache/context/XXX/fonts/otf/file.otf that makes user B
> > remove all his files when running "texexec --luatex document.tex")
> 
> you can use a cache in your home path and make that country or city 
> writable

So you mean, there is a security risk, luatex does not check its input and
arbitrary code can be executed?

The disadvantage of one cache per user is, that everybody needs to
regenerate the formats after an update, since the formats are also placed
there...

Cheers, Peter

(it was just a question out of curiosity, on my systems, there are no evil
users of course ;)

-- 
http://pmrb.free.fr/contact/



More information about the ntg-context mailing list