Bug 19147 - portage root compromise
Summary: portage root compromise
Status: RESOLVED FIXED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Unclassified
Hardware: All Linux
Importance: High critical
Assignee: Nicholas Jones (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-04-11 11:03 UTC by Toby Dickenson
Modified: 2011-10-30 22:20 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Description Toby Dickenson 2003-04-11 11:03:31 UTC
The Python unpickling function can execute arbitrary code given a carefully crafted 
pickle. This characteristic is by design: 
http://www.python.org/doc/current/lib/pickle-sec.html 
 
The file /var/cache/edb/mtimedb is writable by the group "portage", and it contains a 
pickle. 
 
Therefore anyone in the "portage" group can modify this file, and execute arbitrary 
code inside the next process that unpickles this file - possibly by root.
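
A defensive loader for the situation this report describes, as an added example that is not part of the original bug report and is not Portage's code or its fix. The names `DataOnlyUnpickler`, `writable_by_others` and `load_cache` are hypothetical; the sketch assumes the cache holds only plain dicts, lists, strings and numbers, and the sample file is constructed.

```python
import os
import pickle
import stat
import tempfile

class DataOnlyUnpickler(pickle.Unpickler):
    """Loads dicts, lists, strings and numbers; refuses everything else."""

    def find_class(self, module, name):
        # Any callable a pickle wants to invoke is resolved here, so refusing
        # every lookup removes the code-execution path entirely.
        raise pickle.UnpicklingError(f"global {module}.{name} not allowed")

def writable_by_others(st, trusted_uid=0):
    """True if an account other than trusted_uid can modify the file."""
    return st.st_uid != trusted_uid or bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def load_cache(path, trusted_uid=0):
    """Unpickle path only if trusted_uid alone can write it and it is pure data."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # do not follow a planted symlink
    with os.fdopen(fd, "rb") as f:
        st = os.fstat(f.fileno())  # stat the descriptor we read from, not the path
        if not stat.S_ISREG(st.st_mode) or writable_by_others(st, trusted_uid):
            raise PermissionError(f"{path}: writable by accounts other than uid {trusted_uid}")
        return DataOnlyUnpickler(f).load()

if __name__ == "__main__":
    # Constructed sample standing in for /var/cache/edb/mtimedb.
    path = os.path.join(tempfile.mkdtemp(), "mtimedb")
    with open(path, "wb") as f:
        pickle.dump({"updates": {"constructed-entry": 1050058983}}, f)
    for mode in (0o644, 0o664):  # owner-only write, then group-writable as in the report
        os.chmod(path, mode)
        try:
            print(oct(mode), load_cache(path, trusted_uid=os.getuid()))
        except PermissionError as exc:
            print(oct(mode), "refused:", exc)
```

The ownership test also covers a group-writable parent directory: a file swapped in by a group member is owned by that member, not by the trusted uid, and is refused.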
Comment 1 Nicholas Jones (RETIRED) gentoo-dev 2003-04-12 18:55:41 UTC
Fixed in CVS for 2.0.48

You really should be trusting any users you allow access to portage though.