On Thu, Jan 08, 2015 at 05:53:47AM -0500, Rich Freeman wrote:
> On Thu, Jan 8, 2015 at 4:45 AM, Pacho Ramos <pacho@g.o> wrote:
> > On Wed, 07-01-2015 at 19:19 -0500, Jonathan Callen wrote:
> > [...]
> >> The only reason there is a security issue with nethack (and other
> >> games like it) on Gentoo, and only on Gentoo, is that the games team
> >> policy requires that all games have permissions 0750, with group
> >> "games", and all users that should be allowed to run games be in the
> >> "games" group. Nethack expects that it have permissions 2755 (or
> >> 2711), with group "games" and that *no* users are members of that
> >> group, so it can securely save files that are accessible to all users
> >> during gameplay ("bones" files) and ensure that the user cannot
> >> access/change their current save file. These two expectations are
> >> incompatible with each other, and end up creating a security issue
> >> that upstream would never expect (as no users can be in the "games"
> >> group traditionally).
> >>
> >>
> >
> > If I don't misremember, Council finally allowed people to not be mandated
> > by those "games team" policies and, then, I guess that could finally
> > allow dropping that security issue, no? :/
> >
>
> This is correct, if the maintainer wishes.

Rich is correct, maintainers are no longer bound by the games team
policy.

Since this is a popular game, I urge someone to take it over and fix the
issue. If I were taking it over, I would immediately look into rewriting
the ebuild to not use games.eclass.

William
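
The permission conflict described in the quoted text above, written as an audit check. This is an added example, not part of the original thread and not Gentoo or NetHack code; the function names, the result strings and the sample group file are assumptions made for illustration.

```python
import os
import stat

# Constructed sample in /etc/group format; not taken from the thread.
SAMPLE_GROUP = "root:x:0:\ngames:x:35:alice,bob\nusers:x:100:\n"

def parse_group(group_text, name):
    """Return (gid, members) for `name` from /etc/group-format text, or None."""
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4 and fields[0] == name:
            return int(fields[2]), [m for m in fields[3].split(",") if m]
    return None

def classify(mode, members):
    """Compare a games-group binary's mode with the group's member list."""
    perms = stat.S_IMODE(mode)
    setgid = bool(perms & stat.S_ISGID)
    other_exec = bool(perms & stat.S_IXOTH)
    if setgid and members:
        # The binary relies on the group to protect its state files, but
        # the listed users already hold that group without the binary.
        return "conflict: setgid binary, but users are in the group"
    if setgid and other_exec:
        return "upstream model: setgid, world-executable, empty group"
    if not setgid and not other_exec:
        return "games-team model: group-only execute, no setgid"
    return "other"

def audit(path, group_text, group="games"):
    """Stat `path` and classify it; only files owned by `group` are judged.

    Only supplementary members (4th field) are seen; users whose primary
    group is `group` would need a passwd lookup, which is omitted here.
    """
    entry = parse_group(group_text, group)
    if entry is None:
        return "group not found"
    gid, members = entry
    st = os.stat(path)
    if st.st_gid != gid:
        return "not owned by group"
    return classify(st.st_mode, members)

if __name__ == "__main__":
    print(classify(0o102755, parse_group(SAMPLE_GROUP, "games")[1]))
```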