From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.comp.tex.context/38550
Path: news.gmane.org!not-for-mail
From: Peter =?utf-8?Q?M=C3=BCnster?= <pmlists@free.fr>
Newsgroups: gmane.comp.tex.context
Subject: Re: permissions in luatex-cache
Date: Wed, 9 Jan 2008 23:36:14 +0100
Message-ID: <20080109223614.GA30957@gaston.couberia.bzh>
References: <20080109204125.GD12571@gaston.couberia.bzh>
	<478540E4.3050802@wxs.nl>
Reply-To: mailing list for ConTeXt users <ntg-context@ntg.nl>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Trace: ger.gmane.org 1199918234 20029 80.91.229.12 (9 Jan 2008 22:37:14 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Wed, 9 Jan 2008 22:37:14 +0000 (UTC)
To: mailing list for ConTeXt users <ntg-context@ntg.nl>
Original-X-From: ntg-context-bounces@ntg.nl Wed Jan 09 23:37:34 2008
Return-path: <ntg-context-bounces@ntg.nl>
Envelope-to: gctc-ntg-context-518@m.gmane.org
Original-Received: from ronja.vet.uu.nl ([131.211.172.88] helo=ronja.ntg.nl)
	by lo.gmane.org with esmtp (Exim 4.50)
	id 1JCjYB-000543-CN
	for gctc-ntg-context-518@m.gmane.org; Wed, 09 Jan 2008 23:37:31 +0100
Original-Received: from localhost (localhost [127.0.0.1])
	by ronja.ntg.nl (Postfix) with ESMTP id 000901FCFF;
	Wed,  9 Jan 2008 23:37:06 +0100 (CET)
Original-Received: from ronja.ntg.nl ([127.0.0.1])
 by localhost (smtp.ntg.nl [127.0.0.1]) (amavisd-new, port 10024) with LMTP
 id 01349-02; Wed,  9 Jan 2008 23:36:28 +0100 (CET)
Original-Received: from ronja.vet.uu.nl (localhost [127.0.0.1])
	by ronja.ntg.nl (Postfix) with ESMTP id 138031FCCE;
	Wed,  9 Jan 2008 23:36:28 +0100 (CET)
Original-Received: from localhost (localhost [127.0.0.1])
	by ronja.ntg.nl (Postfix) with ESMTP id B45881FCCE
	for <ntg-context@ntg.nl>; Wed,  9 Jan 2008 23:36:26 +0100 (CET)
Original-Received: from ronja.ntg.nl ([127.0.0.1])
	by localhost (smtp.ntg.nl [127.0.0.1]) (amavisd-new,
	port 10024) with LMTP id 02503-01-4 for <ntg-context@ntg.nl>;
	Wed,  9 Jan 2008 23:35:55 +0100 (CET)
Original-Received: from smtp2b.orange.fr (smtp2b.orange.fr [80.12.242.145])
	by ronja.ntg.nl (Postfix) with ESMTP id 11D881FC45
	for <ntg-context@ntg.nl>; Wed,  9 Jan 2008 23:35:55 +0100 (CET)
Original-Received: from me-wanadoo.net (localhost [127.0.0.1])
	by mwinf2b09.orange.fr (SMTP Server) with ESMTP id E7184700008C
	for <ntg-context@ntg.nl>; Wed,  9 Jan 2008 23:35:53 +0100 (CET)
Original-Received: from gaston.couberia.bzh (ARennes-358-1-8-110.w90-49.abo.wanadoo.fr
	[90.49.219.110])
	by mwinf2b09.orange.fr (SMTP Server) with ESMTP id C4EBC7000085
	for <ntg-context@ntg.nl>; Wed,  9 Jan 2008 23:35:53 +0100 (CET)
X-ME-UUID: 20080109223553806.C4EBC7000085@mwinf2b09.orange.fr
Original-Received: by gaston.couberia.bzh (Postfix, from userid 1000)
	id 8F984305B3; Wed,  9 Jan 2008 23:36:14 +0100 (CET)
Content-Disposition: inline
In-Reply-To: <478540E4.3050802@wxs.nl>
User-Agent: Mutt/1.5.16 (2007-06-09)
X-Virus-Scanned: amavisd-new at ntg.nl
X-BeenThere: ntg-context@ntg.nl
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list for ConTeXt users <ntg-context.ntg.nl>
List-Unsubscribe: <http://www.ntg.nl/mailman/listinfo/ntg-context>,
	<mailto:ntg-context-request@ntg.nl?subject=unsubscribe>
List-Archive: <http://www.ntg.nl/pipermail/ntg-context>
List-Post: <mailto:ntg-context@ntg.nl>
List-Help: <mailto:ntg-context-request@ntg.nl?subject=help>
List-Subscribe: <http://www.ntg.nl/mailman/listinfo/ntg-context>,
	<mailto:ntg-context-request@ntg.nl?subject=subscribe>
Original-Sender: ntg-context-bounces@ntg.nl
Errors-To: ntg-context-bounces@ntg.nl
X-Virus-Scanned: amavisd-new at ntg.nl
Xref: news.gmane.org gmane.comp.tex.context:38550
Archived-At: <http://permalink.gmane.org/gmane.comp.tex.context/38550>

On Wed, Jan 09, 2008 at 10:47:16PM +0100, Hans Hagen wrote:
> 
> > And do these world writable directories present any security risk?
> > (For example: user A writes some evil code into file
> > $TEXMFCACHE/luatex-cache/context/XXX/fonts/otf/file.otf that makes user B
> > remove all his files when running "texexec --luatex document.tex")
> 
> you can use a cache in your home path and make that country or city 
> writable

So you mean, there is a security risk, luatex does not check its input and
arbitrary code can be executed?

The disadvantage of one cache per user is, that everybody needs to
regenerate the formats after an update, since the formats are also placed
there...

Cheers, Peter

(it was just a question out of curiosity, on my systems, there are no evil
users of course ;)

-- 
http://pmrb.free.fr/contact/

___________________________________________________________________________________
If your question is of interest to others as well, please add an entry to the Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://tex.aanhet.net
archive  : https://foundry.supelec.fr/projects/contextrev/
wiki     : http://contextgarden.net
___________________________________________________________________________________