[tex-live] Distributing Customised TeX Live

[Nelson H. F. Beebe]

Fabrice Popineau <Fabrice.Popineau at supelec.fr> writes on Wed, 05 Jan
2005 11:48:00 +0100 about the reasons for introducing the TEXMFTEMP
environment variable: to prevent font files being generated by a
previous user in a public directory that are not readable (or
writable) by subsequent users.  

That is indeed a problem, but isn't a better solution to have the TeX
tool that generates fonts on the fly also set the font-file
protections for public read access (on Unix, "chmod a+r
/tmp/foo.600pk").  Our MakeTeXPK script has always done that (the RCS
history here shows chmod commands in the original 1995 version).

Of course, denial-of-service attacks are always possible in public
directories:

	touch /tmp/cmr10.300pk
	chmod 700 /tmp/cmr10.300pk

As a manager, I would have very negative view of such a user, and
would likely close the user account.  We have 10K+ student users on
our systems, and TeX gets run over a million times a semester (in the
WebWork online problem and quiz system); so far, such attacks have not
happened.

-------------------------------------------------------------------------------
- Nelson H. F. Beebe                    Tel: +1 801 581 5254                  -
- University of Utah                    FAX: +1 801 581 4148                  -
- Department of Mathematics, 110 LCB    Internet e-mail: beebe at math.utah.edu  -
- 155 S 1400 E RM 233                       beebe at acm.org  beebe at computer.org -
- Salt Lake City, UT 84112-0090, USA    URL: http://www.math.utah.edu/~beebe  -
-------------------------------------------------------------------------------