On 2015-01-08, at 10:45:33
Pacho Ramos <pacho@g.o> wrote:

> On Wed, 07-01-2015 at 19:19 -0500, Jonathan Callen wrote:
> [...]
> > The only reason there is a security issue with nethack (and other
> > games like it) on Gentoo, and only on Gentoo, is that the games team
> > policy requires that all games have permissions 0750, with group
> > "games", and all users that should be allowed to run games be in the
> > "games" group. Nethack expects that it have permissions 2755 (or
> > 2711), with group "games" and that *no* users are members of that
> > group, so it can securely save files that are accessible to all users
> > during gameplay ("bones" files) and ensure that the user cannot
> > access/change their current save file. These two expectations are
> > incompatible with each other, and end up creating a security issue
> > that upstream would never expect (as no users can be in the "games"
> > group traditionally).
> >
> >
>
> If I don't misremember Council allowed finally people to not be mandated
> by that "games team" policies and, then, I guess that could finally
> allow to drop that security issue no? :/

If it were that simple... but we need to clean up that long-outstanding
mess. And we have no guarantees someone won't bring it back to us since
the eclasses are still allowed to be used.

--
Best regards,
Michał Górny