List Archive: gentoo-dev
Hello,
currently, PMS section 10.1 states:
Some functions may assume that their initial working directory is
set to a particular location; these are noted below.
If no initial working directory is mandated, it may be set to
anything and the ebuild must not rely upon a particular location
for it.
Please consider the following addition to this paragraph:
The ebuild can rely that the chosen initial working direcotry is
a trusted location that is not world-writable and owned by
a privileged user and group.
This change affects all pkg_ functions.
Rationale:
This feature presents a security hardening to work around
vulnerabilities in ebuilds and applications called by ebuilds, and the
Gentoo Security Team considers this the official solution to
bug 239560 / GLSA 200810-02.
I would like:
* everyone to comment on the change and propose changes to the wording
* council to vote on this change to EAPI-0, -1 and -2.
Portage implements this in 2.1.4.5 and 2.2_rc12, Paludis in 0.30.2.
I have not heard back from Brian on pkgcore (because this issue has been
disclosed to him on a really short notice).
Thanks,
Robert
|
| Attachment: |
|
signature.asc (This is a digitally signed message part.)
|
|
