Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 139490 Details for
Bug 125902
<games-roguelike/nethack-3.4.3-r2: local privilege escalation and insecure savegame creation (CVE-2006-1390)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Ebuild patch to protect state directory from modification by users
state-dir-permissions-fix.patch (text/plain), 1.46 KB, created by
Andrew Church
on 2007-12-28 09:23:01 UTC
(
hide
)
Description:
Ebuild patch to protect state directory from modification by users
Filename:
MIME Type:
Creator:
Andrew Church
Created:
2007-12-28 09:23:01 UTC
Size:
1.46 KB
patch
obsolete
>--- /usr/portage/games-roguelike/nethack/nethack-3.4.3-r1.ebuild 2007-04-01 13:35:45 +0900 >+++ nethack-3.4.3-r1.ebuild 2007-12-28 18:19:46 +0900 >@@ -32,6 +32,10 @@ > > HACKDIR="${GAMES_DATADIR}/${PN}" > >+pkg_setup() { >+ enewgroup nethack >+} >+ > src_unpack() { > unpack ${A} > >@@ -173,8 +177,22 @@ > make_desktop_entry nethack "Nethack" > > prepgamesdirs >- chmod -R 660 "${D}/${statedir}" >- chmod 770 "${D}/${statedir}" "${D}/${statedir}/save" >+ >+ # Prevent users from modifying state files (#125902) >+ chgrp -R nethack "${D}/${HACKDIR}" "${D}/${statedir}" || die "chgrp nethack" >+ chmod -R 640 "${D}/${HACKDIR}" || die "chmod hackdir 1" >+ chmod 750 "${D}/${HACKDIR}" || die "chmod hackdir 2" >+ chmod -R 660 "${D}/${statedir}" || die "chmod statedir 1" >+ chmod 770 "${D}/${statedir}" "${D}/${statedir}/save" \ >+ || die "chmod statedir 2" >+ # Note that ${GAMES_BINDIR}/nethack is a shell script, so we make the >+ # actual binary setgid >+ chgrp nethack \ >+ "${D}/${HACKDIR}/nethack" "${D}/${GAMES_BINDIR}/recover-nethack" \ >+ || die "chgrp binaries" >+ chmod 2751 \ >+ "${D}/${HACKDIR}/nethack" "${D}/${GAMES_BINDIR}/recover-nethack" \ >+ || die "chmod binaries" > } > > pkg_postinst() { >@@ -184,4 +202,8 @@ > ewarn "please see Bug 32629 for more information" > fi > elog "You may want to look at /etc/skel/.nethackrc for interesting options" >+ >+ # Yes, Virginia, there is a nethack group (kludge for #125902) >+ chgrp -v -R nethack "${GAMES_STATEDIR}/${PN}" \ >+ || die "failed to chgrp state dir" > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=139490">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 125902
:
139487
|
139490
|
139499
|
146573
