[tex-k] Kpathsea and SUID/SGID programs
olaf at infovore.xs4all.nl
Mon May 17 22:53:17 CEST 2004
Jan Vida writes:
> While working for my school project I've found that kpathsea doesn't
> handle well SUID and SGID programs. The problem lies in the function
> kpse_readable_file() in file readable.c, which checks permissions for
> found files. It relies on the system function access() (via macro
> READABLE). Unfortunately, this call doesn't take into account rights
> gained by the SUID/SGID mechanism and so might fail, even when the calling
> program does in fact have the right to read the found file.
It is arguable whether this is a feature or a bug. This gets into the
area of what security model libkpathsea should be supporting, which is
something that hasn't been really worked out.
(This space left blank for technical reasons.)
More information about the tex-k