kpathsea: Security

 
 3 Security
 **********
 
 None of the programs in the TeX system require any special system
 privileges, so there's no first-level security concern of people gaining
 illegitimate root access.
 
    A TeX document, however, can write to arbitrary files, e.g.,
 '~/.rhosts', and thus an unwitting user who runs TeX on a random
 document is vulnerable to a trojan horse attack.  This loophole is
 closed by default, but you can be permissive if you so desire in
 'texmf.cnf'.  ⇒(web2c)tex invocation.  MetaPost has the same
 issue.
 
    Dvips, Xdvi, and TeX can also execute shell commands under some
 circumstances.  To disable this, see the '-R' option in ⇒(dvips)Option
 details, the xdvi man page, and ⇒(web2c)tex invocation, respectively.
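 The two loopholes just described, arbitrary output files and shell
 commands run from a document, are both controlled from 'texmf.cnf'.  The
 following is an added example, not code from kpathsea or web2c: a small
 POSIX sh checker that reads a texmf.cnf-style file and reports whether
 those loopholes are open in it.  The variable names 'openout_any' and
 'shell_escape' (and the companion 'shell_escape_commands') are web2c
 variables documented in the web2c manual, not named in this section;
 the two sample files at the bottom are constructed, and the checker
 simplifies by reading one file only, where real kpathsea merges every
 'texmf.cnf' on its search path.

```shell
#!/bin/sh
# Added example, not part of kpathsea or web2c. Reads a texmf.cnf-style file
# and reports whether the two loopholes above are left open in it: arbitrary
# output files (openout_any) and shell commands from TeX (shell_escape).
# These variable names come from the web2c manual, not from this section;
# their documented values are
#   openout_any:  p = paranoid (no dotfiles, no parent dirs), r = no dotfiles,
#                 a = any file
#   shell_escape: f = off, p = only the programs in shell_escape_commands,
#                 t = any command
# Simplification: one file, last definition wins; kpathsea actually merges
# every texmf.cnf on its search path, which this does not model.

# cnf_value FILE NAME -> value of NAME in FILE ("" if absent); % starts a comment
cnf_value() {
    sed -n -e 's/%.*//' \
           -e "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" "$1" |
        tail -n 1
}

# cnf_audit FILE -> one report line per setting; exit status 1 if any is open
cnf_audit() {
    rc=0
    oa=$(cnf_value "$1" openout_any)
    case "$oa" in
        '') echo "openout_any: not set here (compiled-in default applies)" ;;
        p)  echo "openout_any=p  OK: no dotfiles such as ~/.rhosts, nothing above the current directory" ;;
        r)  echo "openout_any=r  restricted: dotfiles blocked, other paths allowed" ;;
        a)  echo "openout_any=a  OPEN: any file the user can write, e.g. ~/.rhosts"; rc=1 ;;
        *)  echo "openout_any=$oa  unrecognised value"; rc=1 ;;
    esac
    se=$(cnf_value "$1" shell_escape)
    case "$se" in
        '') echo "shell_escape: not set here (compiled-in default applies)" ;;
        f)  echo "shell_escape=f  OK: no shell commands from TeX" ;;
        p)  echo "shell_escape=p  OK: only $(cnf_value "$1" shell_escape_commands)" ;;
        t)  echo "shell_escape=t  OPEN: a document can run any shell command"; rc=1 ;;
        *)  echo "shell_escape=$se  unrecognised value"; rc=1 ;;
    esac
    return $rc
}

# Two constructed sample files (not real texmf.cnf contents) for a demo run.
CNF_STRICT=$(mktemp)
cat > "$CNF_STRICT" <<'EOF'
% constructed sample: the default-style closed configuration
openout_any = p
shell_escape = p
shell_escape_commands = bibtex,kpsewhich,makeindex
EOF

CNF_LOOSE=$(mktemp)
cat > "$CNF_LOOSE" <<'EOF'
% constructed sample: the permissive configuration this section warns about
openout_any = a   % any path, including ~/.rhosts
shell_escape = t
EOF

echo "== strict =="; cnf_audit "$CNF_STRICT"
echo "== loose =="; cnf_audit "$CNF_LOOSE" || echo "(loose configuration flagged)"
```

 Run it against the file 'kpsewhich texmf.cnf' reports on an installed
 system to see what that installation permits; a non-zero exit status
 means a document could write any file or run any command.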
 
    Another security issue arises because it's very useful--almost
 necessary--to make arbitrary fonts on user demand with 'mktexpk' and
 friends.  Where do these files get installed?  By default, the 'mktexpk'
 distributed with Kpathsea assumes a world-writable '/var/tmp' directory;
 this is a simple and convenient approach, but it may not suit your
 situation because it means that a local cache of fonts is created on
 every machine.
 
    To avoid this duplication, many people consider a shared, globally
 writable font tree desirable, in spite of the potential security
 problems.  To do this you should change the value of 'VARTEXFONTS' in
 'texmf.cnf' to refer to some globally known directory.  ⇒mktex
 configuration.
 
    The first restriction you can apply is to make newly-created
 directories under 'texmf' be append-only with an option in 'mktex.cnf'.
 ⇒mktex configuration.
 
    Another approach is to establish a group (or user) for TeX files,
 make the 'texmf' tree writable only to that group (or user), and make
 'mktexpk' et al. setgid to that group (or setuid to that user).  Then
 users must invoke the scripts to install things.  (If you're worried
 about the inevitable security holes in scripts, then you could write a C
 wrapper to exec the script.)
 
    The 'mktex...' scripts install files with the same read and write
 permissions as the directory they are installed in.  The executable,
 sgid, suid, and sticky bits are always cleared.
 
    Any directories created by the 'mktex...' scripts have the same
 permissions as their parent directory, unless the 'appendonlydir'
 feature is used, in which case the sticky bit is always set.
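 The shared, group-writable tree described above and the permission
 rules the 'mktex...' scripts follow can both be checked from the shell.
 The following is an added example, not part of kpathsea or its mktex
 scripts: 'shared_tree_setup' applies the group-owned, setgid-directory
 layout, and 'mktex_tree_audit' verifies the rules stated in the last two
 paragraphs (no executable, sgid, suid or sticky bits on installed files;
 files carrying the same read/write bits as their directory; and, when
 the 'appendonlydir' feature is expected, every directory sticky).  It
 assumes a POSIX sh with 'find', 'ls', 'chmod', 'chgrp' and 'mktemp'; the
 tree layout built by 'make_demo_tree' and the 'appendonly' argument are
 constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of kpathsea or its mktex scripts.
#   shared_tree_setup TREE GROUP      -- TREE writable only by GROUP, directories
#                                        setgid so new files inherit the group
#   mktex_tree_audit TREE [appendonly] -- check the mktex install rules; with a
#                                        second argument also require sticky dirs
#   make_demo_tree                    -- constructed throwaway tree for the demo

shared_tree_setup() {
    tree=$1; group=$2
    chgrp -R "$group" "$tree" || return 1
    find "$tree" -type d -exec chmod 2775 {} + || return 1   # 2 = setgid directory
    find "$tree" -type f -exec chmod 0664 {} + || return 1   # rw for owner+group
}

# rw_bits PATH -> the six read/write characters of PATH (owner, group, other),
# e.g. "rwrwr-"; the x/s/t columns of ls -ld are dropped.
rw_bits() {
    ls -ld "$1" | cut -c2-10 | sed 's/^\(..\).\(..\).\(..\).$/\1\2\3/'
}

# Prints one "reason path" line per violation; exit status 1 if any were found.
mktex_tree_audit() {
    tree=$1; appendonly=${2:-}
    bad=$(
        # executable, suid, sgid or sticky bits on a file: mktex always clears these
        find "$tree" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \
            -o -perm -4000 -o -perm -2000 -o -perm -1000 \) -print |
            sed 's/^/special-bits-on-file /'
        # files must carry the read/write bits of the directory they sit in
        find "$tree" -type f | while IFS= read -r f; do
            if [ "$(rw_bits "$f")" != "$(rw_bits "$(dirname "$f")")" ]; then
                printf 'rw-differs-from-dir %s\n' "$f"
            fi
        done
        # with appendonlydir, every directory must have the sticky bit set
        if [ -n "$appendonly" ]; then
            find "$tree" -type d ! -perm -1000 -print | sed 's/^/dir-not-sticky /'
        fi
    )
    if [ -n "$bad" ]; then printf '%s\n' "$bad"; return 1; fi
    return 0
}

make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/fonts/pk/demo"          # constructed layout, not a full TDS tree
    : > "$t/fonts/pk/demo/cmr10.600pk"   # empty stand-in for a generated PK font
    printf '%s\n' "$t"
}

# Demo: set up the tree for the caller's own primary group, audit it, then
# plant a stray executable bit and audit again.
DEMO_TREE=$(make_demo_tree)
shared_tree_setup "$DEMO_TREE" "$(id -g)"
if mktex_tree_audit "$DEMO_TREE"; then echo "audit: clean"; fi
chmod 0775 "$DEMO_TREE/fonts/pk/demo/cmr10.600pk"
if ! mktex_tree_audit "$DEMO_TREE"; then echo "audit: problems found"; fi
rm -rf "$DEMO_TREE"
```

 Two points for anyone adopting the setgid-script approach: on Linux the
 kernel ignores set-id bits on '#!' interpreter scripts, so a compiled
 wrapper such as the C exec wrapper mentioned above is what actually
 makes 'mktexpk' run with the group's privileges there; and the audit
 compares modes only, so it does not tell you who is in the group that
 can write the tree.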