Created attachment 314635
emerge --info

even though i have userpriv stuff turned on, the distdir/ in the package-specific build tree is owned by root

# emerge nano --nodeps
... wait until after src_unpack then CTRL+C ...
# ls -l app-editors/nano-2.3.1-r1/distdir/ -a
drwxr-xr-x 2 root    portage  60 Jun 8 01:58 .
drwxrwxr-x 6 vapier  portage 220 Jun 8 01:58 ..
lrwxrwxrwx 1 root    root     40 Jun 8 01:58 nano-2.3.1.tar.gz -> /usr/portage/distfiles/nano-2.3.1.tar.gz

i would expect that symlink and the distdir itself to be owned by $PORTAGE_USERNAME:$PORTAGE_GRPNAME, not by root:root ...
Ebuilds aren't supposed to write anything in that directory, so if we go by the principle of least privilege, then we should really be going the opposite direction and treat any writes in that directory as a sandbox violation.
the reason i noticed wasn't because my ebuild was trying to write in there, it's because i tried to `rm -rf` the build dir and found i still needed to sudo just for that. having that path be readable-only makes sense to me. writes should throw sandbox violations so we'd notice.
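As an added example (not part of this bug report and not Portage's own code), the shell audit below checks the two properties the thread argues about: every entry in a per-package build tree, symlinks included, should be owned by the build user and group (the values of PORTAGE_USERNAME and PORTAGE_GRPNAME), and the distdir itself should carry no group or world write bits, so that a write there shows up as a failure rather than silently succeeding. It assumes GNU findutils (for -printf); the directory tree it inspects is constructed under mktemp, so it runs without a real Portage tree.

```shell
#!/bin/sh
# Added example: audit a package build tree for ownership and distdir write
# bits. Assumes GNU find (-printf). The demo tree below is constructed.

# check_tree_owner DIR USER GROUP
# Prints "path owner:group" for every entry under DIR (symlinks are checked
# by their own ownership, not the target's) that is not owned by USER:GROUP.
# Returns 0 when everything matches, 1 otherwise. Numeric ids are accepted.
check_tree_owner() {
    dir=$1; user=$2; group=$3
    bad=$(find "$dir" \( ! -user "$user" -o ! -group "$group" \) \
               -printf '%p %u:%g\n')
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# distdir_readonly DIR
# Returns 0 when DIR has no group/other write bits (writes by a non-owning
# build user then fail, and under the sandbox would be reported), 1 otherwise.
distdir_readonly() {
    [ -z "$(find "$1" -maxdepth 0 \( -perm -g=w -o -perm -o=w \) -print)" ]
}

# audit_build_dir DIR USER GROUP
# Runs both checks against DIR/distdir and the tree as a whole.
audit_build_dir() {
    rc=0
    check_tree_owner "$1" "$2" "$3" || rc=1
    distdir_readonly "$1/distdir" || { echo "$1/distdir: group/other writable"; rc=1; }
    return $rc
}

# make_demo_tree
# Constructs a build tree shaped like the listing in the report (the symlink
# target is a placeholder, not a real distfile) and prints its path.
make_demo_tree() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/distdir"
    chmod 755 "$tmp/distdir"
    ln -s /usr/portage/distfiles/nano-2.3.1.tar.gz "$tmp/distdir/nano-2.3.1.tar.gz"
    printf '%s\n' "$tmp"
}

demo() {
    tree=$(make_demo_tree) || exit 1
    # Without root we cannot chown entries to someone else, so the demo
    # compares against the current user/group: expect a clean result.
    audit_build_dir "$tree" "$(id -un)" "$(id -gn)" && echo "ok: $tree"
    rm -rf "$tree"
}

[ "${0##*/}" = "sh" ] || [ -n "$NO_DEMO" ] || demo
```

On a real Gentoo host the call would be `audit_build_dir "${PORTAGE_TMPDIR}/portage/app-editors/nano-2.3.1-r1" "$PORTAGE_USERNAME" "$PORTAGE_GRPNAME"` after an interrupted build, where the report's listing would surface as `.../distdir root:portage` and `.../nano-2.3.1.tar.gz root:root`.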