On 01/07/2015 12:15 PM, Matt Turner wrote:
> On Wed, Jan 7, 2015 at 7:57 AM, William Hubbs <williamh@g.o>
> wrote:
>> On Wed, Jan 07, 2015 at 06:49:56AM -0500, Philip Webb wrote:
>>> 150106 William Hubbs wrote: This one is perfectly safe on a
>>> single-user system : please leave it there.
>>
>> I'm not opposed to it staying in the tree under one of these
>> conditions:
>>
>> 1) fix it and remove the mask
>>
>> or
>>
>> 2) remove the mask and add ewarns to the ebuild
>
> Remove the mask that people have to see and actively disable in
> order to install the software and replace it with ewarn messages
> that they likely won't read?
>
> I don't see the problem with versions with security
> vulnerabilities masked in the tree. nethack in particular has been
> masked in the tree since 2006, so we have some precedence.
>
>

The only reason there is a security issue with nethack (and other
games like it) on Gentoo, and only on Gentoo, is that the games team
policy requires that all games have permissions 0750, with group
"games", and all users that should be allowed to run games be in the
"games" group. Nethack expects that it have permissions 2755 (or
2711), with group "games" and that *no* users are members of that
group, so it can securely save files that are accessible to all users
during gameplay ("bones" files) and ensure that the user cannot
access/change their current save file. These two expectations are
incompatible with each other, and end up creating a security issue
that upstream would never expect (as no users can be in the "games"
group traditionally).

--
Jonathan Callen
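Added example, not part of the original message or of any Gentoo or NetHack code: a small audit that tells the two permission models described above apart and flags the combination where members of the owning group can write the shared state directly. The function names, the finding labels, the idea of a separate group-owned state directory, and the sample modes for that directory are assumptions made for illustration.

```python
import grp
import os
import pwd
import stat


def group_members(gid):
    """Users who hold this gid as a supplementary or primary group."""
    names = set(grp.getgrgid(gid).gr_mem)
    names.update(u.pw_name for u in pwd.getpwall() if u.pw_gid == gid)
    return sorted(names)


def audit(binary_mode, state_mode, members):
    """Classify a game install from permission bits and group membership.

    binary_mode / state_mode: st_mode of the game binary and of the directory
    holding bones and save files (assumed to be owned by the same group).
    members: user names that belong to that group.
    """
    bperm, sperm = stat.S_IMODE(binary_mode), stat.S_IMODE(state_mode)
    setgid = bool(bperm & stat.S_ISGID)
    findings = []
    if setgid and not members:
        # 2755/2711 with an empty group: only the running game holds the gid.
        findings.append("setgid-model")
    elif not setgid and members and not bperm & stat.S_IXOTH:
        # 0750 with players in the group: access is granted by membership.
        findings.append("membership-model")
    else:
        findings.append("mixed-model")
    if members and sperm & stat.S_IWGRP:
        # Group members can modify shared state without going through the game.
        findings.append("members-can-write-state-directly")
    return findings


def audit_paths(binary, state_dir):
    """Run the audit against real paths on a local system."""
    b, s = os.stat(binary), os.stat(state_dir)
    if b.st_gid != s.st_gid:
        raise ValueError("binary and state directory have different groups")
    return audit(b.st_mode, s.st_mode, group_members(b.st_gid))


# Constructed samples: modes from the message, state dir mode 0770 assumed.
UPSTREAM = audit(0o2755, 0o770, [])
POLICY = audit(0o0750, 0o770, ["alice", "bob"])
```
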