TL 2024: lua's file.is_writable() broken

Dr. Werner Fink werner at suse.de
Thu Mar 21 10:54:14 CET 2024


Hi,

I have a report that e.g. python-Sphinx testr code breaks at internal
test call

  lualatex --halt-on-error --interaction=nonstopmode sphinxtest.tex

... now after adding some debug messages

  /abuild/oscbuild/standard/usr/share/texmf/tex/luatex/luaotfload/fontloader-reference.lua

with

    for i=1,#cachepaths do
        local cachepath = cachepaths[i]
        print("XXXX cache path " .. cachepath)
        if file.is_writable("/home/abuild/") then
          print("YYYY cache path writable")
        else
          print("YYYY cache path not writable")
        end
        if file.is_writable(".") then
          print("YYYY cache path writable")
        else
          print("YYYY cache path not writable")
        end
    [...]

I see at stdout

  This is LuaHBTeX, Version 1.18.0 (TeX Live 2024/TeX Live for opensuse.org) 
   restricted system commands enabled.
  (./sphinxcrash.tex
  LaTeX2e <2023-11-01> patch level 1
  L3 programming layer <2024-02-20>
  XXXX cache path /home/abuild/.cache/texmf/fonts
  YYYY cache path not writable
  YYYY cache path writable

which is somehow a surprise as the user abuild is owner of its home which
means that the call file.is_writable lies on /home/abuild/

  abuild at noether:/home/abuild/rpmbuild/BUILD> pwd
  /home/abuild/rpmbuild/BUILD
  abuild at noether:/home/abuild/rpmbuild/BUILD> whoami 
  abuild
  abuild at noether:/home/abuild/rpmbuild/BUILD> stat /home/abuild/
    File: /home/abuild/
    Size: 154             Blocks: 0          IO Block: 4096   directory
  Device: 8,17    Inode: 1081575903  Links: 6
  Access: (0755/drwxr-xr-x)  Uid: (  399/  abuild)   Gid: (  399/  abuild)
  Access: 2024-03-21 09:04:27.553841693 +0000
  Modify: 2024-03-21 09:36:35.453417724 +0000
  Change: 2024-03-21 09:36:35.453417724 +0000
   Birth: 2024-03-21 08:08:32.891190086 +0000

The strace shows at this call

  9776  write(1, "XXXX cache path /home/abuild/.cache/texmf/fonts", 47) = 47
  9776  write(1, "\n", 1)                 = 1
  9776  newfstatat(AT_FDCWD, "/home/abuild", {st_mode=S_IFDIR|0755, st_size=154, ...}, 0) = 0
  9776  write(1, "YYYY cache path not writable", 28) = 28
  9776  write(1, "\n", 1)                 = 1
  9776  newfstatat(AT_FDCWD, ".", {st_mode=S_IFDIR|0755, st_size=135, ...}, 0) = 0
  9776  openat(AT_FDCWD, "./m_t_x_t_e_s_t.tmp", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 5
  9776  close(5)                          = 0
  9776  unlink("./m_t_x_t_e_s_t.tmp")     = 0
  9776  write(1, "YYYY cache path writable", 24) = 24
  9776  write(1, "\n", 1)                 = 1

OK this is secure ... very secure but totally unusable


Werner

-- 
  "Having a smoking section in a restaurant is like having
          a peeing section in a swimming pool." -- Edward Burr
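
The strace excerpt in the message above can be read mechanically: for each directory that is stat'ed, was a probe file ever opened with O_CREAT before the verdict was printed? The following is an added example, not part of the original post or of luaotfload/LuaTeX; the function and variable names are hypothetical, and it assumes the posted excerpt is contiguous (no syscalls omitted between the lines shown).

```python
import re

# Trace lines copied from the strace excerpt in the post above.
TRACE = r'''
9776  write(1, "XXXX cache path /home/abuild/.cache/texmf/fonts", 47) = 47
9776  write(1, "\n", 1)                 = 1
9776  newfstatat(AT_FDCWD, "/home/abuild", {st_mode=S_IFDIR|0755, st_size=154, ...}, 0) = 0
9776  write(1, "YYYY cache path not writable", 28) = 28
9776  write(1, "\n", 1)                 = 1
9776  newfstatat(AT_FDCWD, ".", {st_mode=S_IFDIR|0755, st_size=135, ...}, 0) = 0
9776  openat(AT_FDCWD, "./m_t_x_t_e_s_t.tmp", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 5
9776  close(5)                          = 0
9776  unlink("./m_t_x_t_e_s_t.tmp")     = 0
9776  write(1, "YYYY cache path writable", 24) = 24
9776  write(1, "\n", 1)                 = 1
'''

STAT = re.compile(r'newfstatat\(AT_FDCWD, "([^"]+)", \{st_mode=S_IFDIR')
OPEN = re.compile(r'openat\(AT_FDCWD, "([^"]+)", ([A-Z_|]+)[^)]*\)\s+= (-?\d+)(?: (E[A-Z]+))?')
VERDICT = re.compile(r'write\(1, "YYYY cache path (not writable|writable)"')

def classify(trace):
    """Return one (path, verdict, source) tuple per directory check in the trace."""
    results, current = [], None
    for line in trace.splitlines():
        if m := STAT.search(line):
            # A stat on a directory starts a new writability check.
            current = {"path": m.group(1), "probe": None}
        elif current and (m := OPEN.search(line)) and "O_CREAT" in m.group(2):
            # Probe file creation: record success or the errno name strace printed.
            current["probe"] = "ok" if int(m.group(3)) >= 0 else (m.group(4) or "failed")
        elif current and (m := VERDICT.search(line)):
            if current["probe"] is None:
                source = "no write attempt reached the kernel"
            elif current["probe"] == "ok":
                source = "kernel allowed probe file"
            else:
                source = "kernel refused probe file: " + current["probe"]
            results.append((current["path"], m.group(1), source))
            current = None
    return results

if __name__ == "__main__":
    for path, verdict, source in classify(TRACE):
        print(f"{path}: {verdict} ({source})")
```

On the posted trace this separates the two cases: the "not writable" result for /home/abuild was produced without any create attempt appearing in the excerpt, while the "." result follows a successful probe file creation.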