Hello, currently, PMS section 10.1 states:
Some functions may assume that their initial working directory is set to a particular location; these are noted below. If no initial working directory is mandated, it may be set to anything and the ebuild must not rely upon a particular location for it. Please consider the following addition to this paragraph: The ebuild can rely that the chosen initial working direcotry is a trusted location that is not world-writable and owned by a privileged user and group. This change affects all pkg_ functions. Rationale: This feature presents a security hardening to work around vulnerabilities in ebuilds and applications called by ebuilds, and the Gentoo Security Team considers this the official solution to bug 239560 / GLSA 200810-02. I would like: * everyone to comment on the change and propose changes to the wording * council to vote on this change to EAPI-0, -1 and -2. Portage implements this in 2.1.4.5 and 2.2_rc12, Paludis in 0.30.2. I have not heard back from Brian on pkgcore (because this issue has been disclosed to him on a really short notice). Thanks, Robert
signature.asc
Description: This is a digitally signed message part.
