Hello,

currently, PMS section 10.1 states:

Some functions may assume that their initial working directory is
set to a particular location; these are noted below.
If no initial working directory is mandated, it may be set to
anything and the ebuild must not rely upon a particular location
for it.

Please consider the following addition to this paragraph:

The ebuild can rely that the chosen initial working directory is
a trusted location that is not world-writable and owned by
a privileged user and group.

This change affects all pkg_ functions.

Rationale:
This feature presents a security hardening to work around
vulnerabilities in ebuilds and applications called by ebuilds, and the
Gentoo Security Team considers this the official solution to
bug 239560 / GLSA 200810-02.

I would like:
* everyone to comment on the change and propose changes to the wording
* council to vote on this change to EAPI-0, -1 and -2.

Portage implements this in 2.1.4.5 and 2.2_rc12, Paludis in 0.30.2.
I have not heard back from Brian on pkgcore (because this issue has been
disclosed to him on a really short notice).

Thanks,
Robert
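
The property in the proposed wording, written as a check a package manager could run before calling a pkg_ function. This is an added example, not part of the original message and not code from Portage, Paludis or pkgcore; the names audit_stat and enter_trusted_dir and the uid/gid 0 defaults for "privileged" are assumptions.

```python
import os
import stat
import tempfile

def audit_stat(st, trusted_uids=(0,), trusted_gids=(0,)):
    """Return the reasons a directory fails the proposed wording; [] means trusted."""
    problems = []
    if st.st_uid not in trusted_uids:
        problems.append(f"owner uid {st.st_uid} is not privileged")
    if st.st_gid not in trusted_gids:
        problems.append(f"group gid {st.st_gid} is not privileged")
    # The sticky bit (as on /tmp) does not help: the wording says "not world-writable".
    if st.st_mode & stat.S_IWOTH:
        problems.append("directory is world-writable")
    return problems

def enter_trusted_dir(path, trusted_uids=(0,), trusted_gids=(0,)):
    """chdir into path only if it passes audit_stat(); raise PermissionError otherwise."""
    # O_NOFOLLOW rejects a symlink as the final component; fstat() and fchdir() on
    # the same descriptor mean the directory checked is the directory entered.
    fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        problems = audit_stat(os.fstat(fd), trusted_uids, trusted_gids)
        if problems:
            raise PermissionError(f"{path}: " + "; ".join(problems))
        os.fchdir(fd)
    finally:
        os.close(fd)

if __name__ == "__main__":
    # Constructed demo: two scratch directories, with the current user and group
    # standing in for the "privileged" ones so it runs without root.
    with tempfile.TemporaryDirectory() as base:
        me = os.stat(base)
        for name, mode in (("locked", 0o755), ("open", 0o1777)):
            d = os.path.join(base, name)
            os.mkdir(d)
            os.chmod(d, mode)
            try:
                enter_trusted_dir(d, {me.st_uid}, {me.st_gid})
                print(d, "-> entered")
            except PermissionError as exc:
                print("refused:", exc)
        os.chdir("/")  # leave the scratch tree before it is removed
```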