Bug 148692 - Gentoo's Security Policy and the ebuild concept breaks FHS standards
Summary: Gentoo's Security Policy and the ebuild concept breaks FHS standards
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Default Configs
Hardware: All Linux
Importance: Highest normal
Assignee: Gentoo Security
Reported: 2006-09-22 12:40 UTC by Sascha Wuestemann
Modified: 2006-09-22 13:52 UTC
Description Sascha Wuestemann 2006-09-22 12:40:56 UTC
As I noticed by surprise while reporting bug 144703, /var/tmp has to be mounted _with_ executable flag. I missed this fact for ages, because my tmp-directories are small separate partitions or even none and mounted to tmpfs with no executable capabilities and in the old days I had already changed the portage build directory for space reasons to another point: PORTAGE_TMPDIR="/usr/tmp2". I have used Gentoo for several years without having any problems with this configuration.

But now the genkernel package fails to emerge because it seems to be hardcoded to use /var/tmp to execute a generated script despite all other ebuild scripts I have ever used evaluate /etc/make.conf to get my /usr/tmp2 as PORTAGE_TMPDIR. The maintainer disagrees with me that this is a major security hole and should have top priority.

The reason I have chosen /tmp and /var/tmp mounted nonexecutable is a basic FHS security means Gentoo should bear. No software known to me needs executable rights at a tmp-directory. Only Gentoo's ebuild system insists on it if the defaults are used. And malware, too, of course.

I think you should respect basic FHS security means before thinking about more complicated solutions, so I ask you to think over the /var/tmp concept for ebuilds!
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2006-09-22 13:19:19 UTC
There's nothing security could fix here, so there's no point in assigning this to security folks. Get the genkernel maintainer to fix genkernel to honor PORTAGE_TMPDIR.

And yes, it needs to be mounted +exec, however there's no default partition layout and no one is forcing you to mount it with exec, no one's even forcing you to use /var/tmp as PORTAGE_TMPDIR (and most people don't even have /var/tmp or /tmp as a separate partition). Fail to see the security issue here really. Plus no one claims that Gentoo is FHS compliant in cases where it doesn't make sense.

Comment 2 Sascha Wuestemann 2006-09-22 13:38:55 UTC
I respect your opinion although I don't share it. I am a user and yes, you are right, I am free to mount /var/tmp nonexecutable and I have done so - I only thought that this was a bit more interesting for you security people and maybe even a step to rethink about the security policy Gentoo follows. Of course there are many users out there who even do not have more than one partition at all but _this_ proves nothing.

In my eyes this is a major mistake in the portage layout. If I was in the portage maintainer group, I would try to respect the fact that neither /tmp nor /var/tmp needs to be executable.

In the end, if you are the wrong people to ask, I thank you for your time and your answer. If there are open questions, ask, else close the bug.
Comment 3 Jakub Moc (RETIRED) gentoo-dev 2006-09-22 13:49:37 UTC
(In reply to comment #2)
> are many users out there who even do not have more than one partition at all
> but _this_ proves nothing.

Sure it does. Having a policy that /var/tmp must be mounted noexec is completely nonsensical if the majority of users don't have a separate /var/tmp partition at all. Nothing prevents you from having /var/tmp/portage as a separate partition. (On a side note, I'm pretty sure that your /usr/tmp2 doesn't match any FHS specs at all. :P)

> In my eyes this is a major mistake in the portage layout. If I was in the
> portage maintainer group, I would try to respect the fact that neither /tmp nor
> /var/tmp needs to be executable.

They don't need to be exec, see above. Again, get genkernel maintainer to fix the hardcoded /var/tmp thing.
Comment 4 Tim Yamin (RETIRED) gentoo-dev 2006-09-22 13:52:27 UTC
So just change genkernel too like you do with Portage (see bug #144703). Executable files do not pose a security risk, not unless they're setuid anyway... Also note that genkernel isn't tied in with Portage and hence we won't get it to respect PORTAGE_TMPDIR either.
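
A check related to the mount layout discussed in this thread, as an added example that is not part of the bug report and not code from Portage or genkernel: it finds which mount holds each build directory mentioned above (/var/tmp, /var/tmp/portage, /usr/tmp2) and reports whether that mount is noexec. The mount table is a constructed sample in /proc/mounts format, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (devices and options are not from the bug report).
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,noatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda5 /var/tmp ext3 rw,nosuid,nodev,noexec 0 0
/dev/sda6 /var/tmp/portage ext3 rw,nosuid,nodev 0 0
/dev/sda7 /usr ext3 rw 0 0'

# mount_opts DIR [TABLE]: print the options of the mount holding DIR, i.e. the entry
# whose mount point is the longest path prefix of DIR. Without TABLE, /proc/mounts is read.
# Assumption: mount points contain no spaces (/proc/mounts escapes them as \040).
mount_opts() {
    _dir=${1%/}; [ -n "$_dir" ] || _dir=/
    _tbl=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$_tbl" | awk -v d="$_dir" '
        {
            mp = $2
            # Match on whole path components so /var/tmp does not claim /var/tmpfoo.
            if (mp == "/" || d == mp || index(d, mp "/") == 1)
                # >= lets a later mount on the same point shadow an earlier one.
                if (length(mp) >= best) { best = length(mp); opts = $4 }
        }
        END { print opts }'
}

# is_noexec DIR [TABLE]: exit status 0 if DIR sits on a mount with the noexec option.
is_noexec() {
    case ",$(mount_opts "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_build_dirs TABLE DIR...: print one "DIR exec|noexec" line per directory.
check_build_dirs() {
    _table=$1; shift
    for _d in "$@"; do
        if is_noexec "$_d" "$_table"; then echo "$_d noexec"; else echo "$_d exec"; fi
    done
}

check_build_dirs "$SAMPLE_MOUNTS" /var/tmp /var/tmp/portage /usr/tmp2
```

Pass an empty string as the first argument to check_build_dirs to test the running system's /proc/mounts instead of the sample.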