Summary: | games-puzzle/ltris-1.0.19-r1 : QA Security Notice: world writable file(s): | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Toralf Förster <toralf> |
Component: | Current packages | Assignee: | Gentoo Games <games> |
Status: | RESOLVED FIXED | ||
Severity: | QA | CC: | qa |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/31140 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: |
etc.portage.tbz2
games-puzzle:ltris-1.0.19-r1:20190408-010333.log |
Description
Toralf Förster
2019-04-08 18:00:55 UTC
Created attachment 572268 [details]
etc.portage.tbz2
Created attachment 572270 [details]
games-puzzle:ltris-1.0.19-r1:20190408-010333.log
Assuming this is a highscore file, it should live in /var/lib/ltris.hscr: https://projects.gentoo.org/qa/policy-guide/filesystem.html#pg0205 "If games need privileged access to shared files, the group gamestat can be used for this purpose. The game executables should be owned by that group and made setgid. The shared files must be installed into /var/games hierarchy, and writable to gamestat group." The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe39371f860060a5b540dddd2900e8297b562308 commit fe39371f860060a5b540dddd2900e8297b562308 Author: Ulrich Müller <ulm@gentoo.org> AuthorDate: 2023-05-23 07:05:50 +0000 Commit: Ulrich Müller <ulm@gentoo.org> CommitDate: 2023-05-23 07:58:36 +0000 games-puzzle/ltris: Install highscore file in /var/games Update to EAPI 8. Closes: https://bugs.gentoo.org/682898 Signed-off-by: Ulrich Müller <ulm@gentoo.org> ...ris-1.0.19-r1.ebuild => ltris-1.0.19-r2.ebuild} | 23 ++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) |