| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA512 |
| 3 |
|
| 4 |
On 01/07/2015 12:15 PM, Matt Turner wrote: |
| 5 |
> On Wed, Jan 7, 2015 at 7:57 AM, William Hubbs <williamh@g.o> |
| 6 |
> wrote: |
| 7 |
>> On Wed, Jan 07, 2015 at 06:49:56AM -0500, Philip Webb wrote: |
| 8 |
>>> 150106 William Hubbs wrote: This one is perfectly safe on a |
| 9 |
>>> single-user system : please leave it there. |
| 10 |
>> |
| 11 |
>> I'm not opposed to it staying in the tree under one of these |
| 12 |
>> conditions: |
| 13 |
>> |
| 14 |
>> 1) fix it and remove the mask |
| 15 |
>> |
| 16 |
>> or |
| 17 |
>> |
| 18 |
>> 2) remove the mask and add ewarns to the ebuild |
| 19 |
> |
| 20 |
> Remove the mask that people have to see and actively disable in |
| 21 |
> order to install the software and replace it with ewarn messages |
| 22 |
> that they likely won't read? |
| 23 |
> |
| 24 |
> I don't see the problem with versions with security |
| 25 |
> vulnerabilities masked in the tree. nethack in particular has been |
| 26 |
> masked in the tree since 2006, so we have some precedence. |
| 27 |
> |
| 28 |
> |
| 29 |
|
| 30 |
The only reason there is a security issue with nethack (and other |
| 31 |
games like it) on Gentoo, and only on Gentoo, is that the games team |
| 32 |
policy requires that all games have permissions 0750, with group |
| 33 |
"games", and all users that should be allowed to run games be in the |
| 34 |
"games" group. Nethack expects that it have permissions 2755 (or |
| 35 |
2711), with group "games" and that *no* users are members of that |
| 36 |
group, so it can securely save files that are accessible to all users |
| 37 |
during gameplay ("bones" files) and ensure that the user cannot |
| 38 |
access/change their current save file. These two expectations are |
| 39 |
incompatible with each other, and end up creating a security issue |
| 40 |
that upstream would never expect (as no users can be in the "games" |
| 41 |
group traditionally). |
| 42 |
|
| 43 |
- -- |
| 44 |
Jonathan Callen |
| 45 |
-----BEGIN PGP SIGNATURE----- |
| 46 |
Version: GnuPG v2 |
| 47 |
|
| 48 |
iQIcBAEBCgAGBQJUrc0kAAoJELHSF2kinlg4U48P/0832YIuICSAqjvPd2HOevs0 |
| 49 |
PISYT08qafzPevhppfe4YC4G1Z2hpoUaiLTiEozHDGfEkwoxMjIQQWEB1idco5Wo |
| 50 |
gbYtUtX3X7BgAlBQxNMlb6jnc+xExAKqwB35SJF4374s3gw3GEWmED2eNJzgCdnM |
| 51 |
pERhAsKXpc9GNFCY31QmscWFAu+Wk7l8HjEWjKbZ9491dHESDpzBp3HSPoxGtUMH |
| 52 |
wsL9vVhfS/JPEbLTcoCWwyx2s/et/wuEcnEO7c0N2byfxm6e0MXPS8vs4ZiMCRsl |
| 53 |
+nVKTkCH4uH5LTF7KQJ/Djiju4+dtydmByOJ/FrC3T+6E47X4n8m4fXWUa09jHsZ |
| 54 |
VO6YOxJLSbitw0FVE2RubGKbDVbQE7vHRefGxgtv0ZnpkeFC/8hoOAmntFCkbkmy |
| 55 |
WKtTPNPxCCOIMU6AE4G53HkeLJ9aOBZFl/el4OKYGTTuRX6o80f0GzRdsiFAqbqz |
| 56 |
CbP+pSDFMeqicP0P2R2rt5VFfa61DHLWYTO93hcSfgsBJ3tTFAPE4rh/hFQtbz0Z |
| 57 |
W4Mife7QLN6SVh5KjWlUSAv3b9CFubDMcj9cUL63RNdp5yKUef6XRJN2CEv3mhn4 |
| 58 |
PckC1yanE52NybvQxnW+xKp4G2qk5V/j0MZpBjUFqO6s1Tn6hw3kLs2VBqtO7wDJ |
| 59 |
LQWCPkTSyRjSIsJUa4Vg |
| 60 |
=Zqwb |
| 61 |
-----END PGP SIGNATURE----- |
Archives