[tex-live] README with executable bit on

Reinhard Kotucha reinhard.kotucha at web.de
Fri Apr 5 23:35:08 CEST 2013


On 2013-04-05 at 21:18:05 +0200, jfbu wrote:

 > Hi, 
 > 
 > I just updated TL 2012 on a Mac OS, using TeX Live Utility
 > I see a small package passing by,  "roundbox" and I want to
 > read its documentation. Double-Clicking the README icon
 > pops up a Terminal window and it appears as is some script
 > was trying to run. 
 > 
 > So I go
 > to see the actual file:
 >  /usr/local/texlive/2012/texmf-dist/doc/latex/roundbox/README
 > and it has the executable bit on, although it is a perfectly
 > innocent text file
 > 
 >   -rwxr-xr-x        945 Apr  4 00:39 README
 > 
 > retrospectively isn't this a potential security problem?

No, the executable bit is not a security problem.  If that would be
the case, then all files on USB sticks with a FAT filesystem are
insecure.   

If a file contains computer code, it could be harmful.  If a file
called 'README' contains computer code, I would be very careful.
But it's not the case here.   

What makes you think that your system is trying to execute a script?

Regards,
  Reinhard

-- 
----------------------------------------------------------------------------
Reinhard Kotucha                                      Phone: +49-511-3373112
Marschnerstr. 25
D-30167 Hannover                              mailto:reinhard.kotucha at web.de
----------------------------------------------------------------------------
Microsoft isn't the answer. Microsoft is the question, and the answer is NO.
----------------------------------------------------------------------------


More information about the tex-live mailing list