| 1 |
Hello, |
| 2 |
|
| 3 |
currently, PMS section 10.1 states: |
| 4 |
|
| 5 |
Some functions may assume that their initial working directory is |
| 6 |
set to a particular location; these are noted below. |
| 7 |
If no initial working directory is mandated, it may be set to |
| 8 |
anything and the ebuild must not rely upon a particular location |
| 9 |
for it. |
| 10 |
|
| 11 |
Please consider the following addition to this paragraph: |
| 12 |
|
| 13 |
The ebuild can rely that the chosen initial working direcotry is |
| 14 |
a trusted location that is not world-writable and owned by |
| 15 |
a privileged user and group. |
| 16 |
|
| 17 |
This change affects all pkg_ functions. |
| 18 |
|
| 19 |
Rationale: |
| 20 |
This feature presents a security hardening to work around |
| 21 |
vulnerabilities in ebuilds and applications called by ebuilds, and the |
| 22 |
Gentoo Security Team considers this the official solution to |
| 23 |
bug 239560 / GLSA 200810-02. |
| 24 |
|
| 25 |
I would like: |
| 26 |
* everyone to comment on the change and propose changes to the wording |
| 27 |
* council to vote on this change to EAPI-0, -1 and -2. |
| 28 |
|
| 29 |
Portage implements this in 2.1.4.5 and 2.2_rc12, Paludis in 0.30.2. |
| 30 |
I have not heard back from Brian on pkgcore (because this issue has been |
| 31 |
disclosed to him on a really short notice). |
| 32 |
|
| 33 |
Thanks, |
| 34 |
Robert |
Archives