QA: other QA Security Notice: world writable file(s): /var/lib/ltris.hscr This may or may not be a security problem, most of the time it is one. Please double check that ltris-1.0.19-r1 really needs a world writeable bit and file bugs accordingly. ------------------------------------------------------------------- This is an unstable amd64 chroot image at a tinderbox (==build bot) name: 17.1_libressl_20190405-161922 -------------------------------------------------------------------
Created attachment 572268 [details] etc.portage.tbz2
Created attachment 572270 [details] games-puzzle:ltris-1.0.19-r1:20190408-010333.log
Assuming this is a highscore file, it should live in /var/lib/ltris.hscr: https://projects.gentoo.org/qa/policy-guide/filesystem.html#pg0205 "If games need privileged access to shared files, the group gamestat can be used for this purpose. The game executables should be owned by that group and made setgid. The shared files must be installed into /var/games hierarchy, and writable to gamestat group."
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe39371f860060a5b540dddd2900e8297b562308 commit fe39371f860060a5b540dddd2900e8297b562308 Author: Ulrich Müller <ulm@gentoo.org> AuthorDate: 2023-05-23 07:05:50 +0000 Commit: Ulrich Müller <ulm@gentoo.org> CommitDate: 2023-05-23 07:58:36 +0000 games-puzzle/ltris: Install highscore file in /var/games Update to EAPI 8. Closes: https://bugs.gentoo.org/682898 Signed-off-by: Ulrich Müller <ulm@gentoo.org> ...ris-1.0.19-r1.ebuild => ltris-1.0.19-r2.ebuild} | 23 ++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-)
