| 1 |
On Thu, Jan 8, 2015 at 4:45 AM, Pacho Ramos <pacho@g.o> wrote: |
| 2 |
> El mié, 07-01-2015 a las 19:19 -0500, Jonathan Callen escribió: |
| 3 |
> [...] |
| 4 |
>> The only reason there is a security issue with nethack (and other |
| 5 |
>> games like it) on Gentoo, and only on Gentoo, is that the games team |
| 6 |
>> policy requires that all games have permissions 0750, with group |
| 7 |
>> "games", and all users that should be allowed to run games be in the |
| 8 |
>> "games" group. Nethack expects that it have permissions 2755 (or |
| 9 |
>> 2711), with group "games" and that *no* users are members of that |
| 10 |
>> group, so it can securely save files that are accessible to all users |
| 11 |
>> during gameplay ("bones" files) and ensure that the user cannot |
| 12 |
>> access/change their current save file. These two expectations are |
| 13 |
>> incompatible with each other, and end up creating a security issue |
| 14 |
>> that upstream would never expect (as no users can be in the "games" |
| 15 |
>> group traditionally). |
| 16 |
>> |
| 17 |
>> |
| 18 |
> |
| 19 |
> If I don't misremember Council allowed finally people to not be mandated |
| 20 |
> by that "games team" policies and, then, I guess that could finally |
| 21 |
> allow to drop that security issue no? :/ |
| 22 |
> |
| 23 |
|
| 24 |
This is correct, if the maintainer wishes. |
| 25 |
|
| 26 |
-- |
| 27 |
Rich |
Archives