From: Robert Buchholz
To: gentoo-dev@lists.gentoo.org
Subject: [gentoo-dev] EAPI change: Call ebuild functions from trusted working directory
Date: Thu, 9 Oct 2008 21:03:29 +0200
Message-Id: <200810092103.33472.rbu@gentoo.org>

Hello,

currently, PMS section 10.1 states:

    Some functions may assume that their initial working directory is
    set to a particular location; these are noted below. If no initial
    working directory is mandated, it may be set to anything and the
    ebuild must not rely upon a particular location for it.

Please consider the following addition to this paragraph:

    The ebuild can rely that the chosen initial working directory is a
    trusted location that is not world-writable and owned by a
    privileged user and group.

This change affects all pkg_ functions.

Rationale:
This feature presents a security hardening to work around
vulnerabilities in ebuilds and applications called by ebuilds, and the
Gentoo Security Team considers this the official solution to
bug 239560 / GLSA 200810-02.

I would like:
* everyone to comment on the change and propose changes to the wording
* council to vote on this change to EAPI-0, -1 and -2.

Portage implements this in 2.1.4.5 and 2.2_rc12, Paludis in 0.30.2.
I have not heard back from Brian on pkgcore (because this issue has been
disclosed to him on really short notice).

Thanks,
Robert
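
The check that the proposed wording implies, sketched in POSIX shell as an added example; it is not part of the original mail and is not Portage's or Paludis's code. The function names and the TRUSTED_UID / TRUSTED_GID variables are assumptions made for illustration, with root as the default privileged owner and group.

```sh
#!/bin/sh
# Added example, not Portage or Paludis code. The function names and the
# TRUSTED_UID / TRUSTED_GID variables are assumptions made for illustration.

# Privileged owner and group a trusted directory must have (default: root).
: "${TRUSTED_UID:=0}" "${TRUSTED_GID:=0}"

# is_trusted_dir DIR
# Succeeds only if DIR is a directory, is not world-writable, and is owned
# by TRUSTED_UID:TRUSTED_GID. The body runs in a subshell so its variables
# do not leak into the caller.
is_trusted_dir() (
    dir=$1
    # Keep find from parsing a relative name such as "-foo" as an option.
    case $dir in /*) ;; *) dir=./$dir ;; esac
    # -prune limits the test to DIR itself; "! -perm -0002" rejects any mode
    # with the world-write bit set, which includes sticky dirs like /tmp.
    match=$(find "$dir" -prune -type d ! -perm -0002 \
                 -user "$TRUSTED_UID" -group "$TRUSTED_GID" 2>/dev/null)
    [ -n "$match" ]
)

# run_in_trusted_dir DIR CMD [ARGS...]
# Enters DIR first and then checks ".", so the directory that was checked
# is the one the command really runs in.
run_in_trusted_dir() (
    dir=$1
    shift
    CDPATH= cd -- "$dir" || exit 1
    if ! is_trusted_dir .; then
        echo "refusing to run in untrusted directory: $dir" >&2
        exit 1
    fi
    "$@"
)
```
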