217036 – games-arcade/thinktanks-demo dangerous permissions on internal copy of openal library

Bug 217036 - games-arcade/thinktanks-demo dangerous permissions on internal copy of openal library

Summary: games-arcade/thinktanks-demo dangerous permissions on internal copy of openal...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Games (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Games

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2008-04-09 16:51 UTC by Gordon Malm (RETIRED)
Modified:	2008-04-25 21:55 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Gordon Malm (RETIRED) gentoo-dev

2008-04-09 16:51:28 UTC

games-arcade/thinktanks-demo bundles its own internal copy of libopenal.so that is installed writeable by anyone in the games group:

-rwxrwx--- 1 root games 281812 Jul 31  2003 /opt/thinktanks-demo/lib/libopenal.so

Also, looks old and should probably be checked for CVE.

Reproducible: Always

Comment 1 Tupone Alfredo gentoo-dev

2008-04-17 05:43:32 UTC

game work enough well removing the directory /opt/thinktanks-demo/lib that contains the libraries.

Me wonders if doing a remove and adding some RDEPEND inside the ebuild is the good things to do.

Comment 2 Chris Gianelloni (RETIRED) gentoo-dev

2008-04-25 15:02:15 UTC

That was actually my intention, to see if we could use the system libraries, instead.  I just haven't had much time.  If it is working for you, I say go for it.

Comment 3 Tupone Alfredo gentoo-dev

2008-04-25 21:55:28 UTC

copies of system libraries removed in the 1.1-r1 ebuild.
I'm postponing test on correct building of depending packages, waiting for a better portage support on that.