On Thu, Jan 08, 2015 at 05:53:47AM -0500, Rich Freeman wrote:
> On Thu, Jan 8, 2015 at 4:45 AM, Pacho Ramos <pa...@gentoo.org> wrote:
> > On Wed, 07-01-2015 at 19:19 -0500, Jonathan Callen wrote:
> > [...]
> >> The only reason there is a security issue with nethack (and other
> >> games like it) on Gentoo, and only on Gentoo, is that the games team
> >> policy requires that all games have permissions 0750, with group
> >> "games", and all users that should be allowed to run games be in the
> >> "games" group. Nethack expects that it have permissions 2755 (or
> >> 2711), with group "games" and that *no* users are members of that
> >> group, so it can securely save files that are accessible to all users
> >> during gameplay ("bones" files) and ensure that the user cannot
> >> access/change their current save file. These two expectations are
> >> incompatible with each other, and end up creating a security issue
> >> that upstream would never expect (as no users can be in the "games"
> >> group traditionally).
> >>
> >>
> >
> > If I don't misremember Council allowed finally people to not be mandated
> > by that "games team" policies and, then, I guess that could finally
> > allow to drop that security issue no? :/
> >
>
> This is correct, if the maintainer wishes.

Rich is correct, maintainers are no longer bound by the games team
policy. Since this is a popular game, I urge someone to take it over and
fix the issue. If I were taking it over, I would immediately look into
rewriting the ebuild to not use games.eclass.

William
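
The conflict described in the quoted text (a setgid "games" binary on a system where users are members of "games") can be checked for mechanically. The following is an added example, not part of the original thread or of any Gentoo tooling; the sample paths, user names and group memberships are constructed.

```python
import stat

# Constructed sample data: group -> supplementary members (as in /etc/group),
# and (path, mode, group) tuples as stat() would report them.
SAMPLE_GROUPS = {"games": ["alice", "bob"], "wheel": ["alice"]}
SAMPLE_FILES = [
    ("/usr/games/bin/nethack", 0o2755, "games"),    # setgid, upstream's expectation
    ("/usr/games/bin/othergame", 0o0750, "games"),  # games team policy layout
    ("/usr/bin/true", 0o0755, "root"),
]


def audit_setgid_groups(files, groups):
    """Return (path, group, members) for setgid files whose group has members.

    A setgid program uses its group to keep shared state (bones files, save
    files) out of the invoking user's direct reach. If that user is already a
    member of the group, the files are reachable without the program.
    """
    findings = []
    for path, mode, group in files:
        if not mode & stat.S_ISGID:
            continue  # not setgid: group membership is ordinary access control
        members = sorted(groups.get(group, []))
        if members:
            findings.append((path, group, members))
    return findings


def audit_live(paths):
    """Run the same check against the local system (Unix only).

    Limitation: gr_mem lists supplementary members only; users whose
    primary group is the setgid group must be checked via the passwd database.
    """
    import grp
    import os
    files, groups = [], {}
    for p in paths:
        st = os.stat(p)
        g = grp.getgrgid(st.st_gid)
        files.append((p, stat.S_IMODE(st.st_mode), g.gr_name))
        groups[g.gr_name] = list(g.gr_mem)
    return audit_setgid_groups(files, groups)


if __name__ == "__main__":
    for path, group, members in audit_setgid_groups(SAMPLE_FILES, SAMPLE_GROUPS):
        print(f"{path}: setgid {group}, but group has members: {', '.join(members)}")
```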