[tex-live] README with executable bit on
jfbu
jfbu at free.fr
Fri Apr 5 21:18:05 CEST 2013
Hi,
I just updated TL 2012 on a Mac OS, using TeX Live Utility
I see a small package passing by, "roundbox" and I want to
read its documentation. Double-Clicking the README icon
pops up a Terminal window and it appears as is some script
was trying to run.
So I go
to see the actual file:
/usr/local/texlive/2012/texmf-dist/doc/latex/roundbox/README
and it has the executable bit on, although it is a perfectly
innocent text file
-rwxr-xr-x 945 Apr 4 00:39 README
retrospectively isn't this a potential security problem?
I could have triggered any kind of malicious shell script this way.
Regards,
Jean-Francois
More information about the tex-live
mailing list