Summary: | games-puzzle/bastet - bastet: using a user-specific high scores file: /home/{user}/.bastetscores as the global high scores file /var/games/bastet.scores2 is not writable | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Brandon Sakai <brandon.sakai> |
Component: | Current packages | Assignee: | Gentoo Games <games> |
Status: | UNCONFIRMED --- | ||
Severity: | normal | Keywords: | PATCH |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | Simple ebuild patch |
Description
Brandon Sakai
2020-02-03 19:36:19 UTC
(In reply to Brandon Sakai from comment #0) > games-puzzle/bastet's ebuild runs the following commands in its src_install() > > touch "${ED}/var/games/bastet.scores" || die "touch failed" > fperms 664 /var/games/bastet.scores It does that? Looks like a security bug. Created attachment 611498 [details, diff]
Simple ebuild patch
This is a quick patch I threw together using games-action/moon-buggy as a guide. I'm not sure what the security issue you see is so I'm not sure if this fixes it or if moon-buggy just also has it.
|