Bug 90255 - Make all compilers install as root:compilation 0750
Summary: Make all compilers install as root:compilation 0750
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Default Configs
Hardware: All All
Importance: High enhancement
Assignee: Gentoo Toolchain Maintainers
Reported: 2005-04-24 09:50 UTC by Matteo Settenvini
Modified: 2005-04-25 04:28 UTC (History)
Description Matteo Settenvini 2005-04-24 09:50:26 UTC
We all know that, especially on a server accessible from the external world, having the compiler free to use for everyone may not be a good idea. Although this does not prevent people from, e.g., producing their own binaries on their machines and then transferring them to the server, denying the possibility to compile potentially malicious programs on a host machine makes crackers' work harder.

Thus, I propose that we install all compilers (in particular, gcc) with user ``root'', group ``compilation'' (or a new ad-hoc created group, whatever you like) and default permissions set to 640.

So it may be a good idea to allow access by default only to some trusted users, those in the aforementioned ``compilation'' group, for example.
Sysadmins can easily modify /etc/group to enable some (hopefully, local) users to access the compiler(s).

I know that sysadmins could do it by themselves, but at least with gcc:
a) installed files go in a zillion different places
b) people always forget to do it, so it would be a good default
c) if _all_ ebuilds installing programs that produce in some way runnable binaries on a system are set to this behaviour (maybe in an appropriate eclass), it would be a good step towards improved security, imho.

I did only quick researching about how to implement this, but it appears that it boils down to:

- check before installation that the hypothetical group ``compilation'' exists. If not, create it. If I understand it correctly, a function already exists in eutils.

enewgroup compilation

- invoke ``make install'' in the following way: 

INSTALL_PROGRAM="/usr/bin/install -c -m 640 -o root -g compilation" \
INSTALL_DATA="/usr/bin/install -c -m 644 -o root -g compilation" make install

For the gij binary, we must remember to make it 644 again.

This should at least work for all those packages that use autoconf/automake (90% of projects out there?). 

Some relevant packages that could benefit from this new behaviour:
- gcc
- nasm
We obviously can't apply these restrictions to interpreters. E.g. gcj is ok because the interpreter is gij, but some interpreters that are also compilers (clisp?) can't be set 640 for obvious reasons.

Please let me know what your feelings are on this. Without being too rude. :-)
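
The policy proposed in this report, using the 0750 mode from the bug title, as an added example that is not part of the original report or of any Gentoo ebuild. The function names, the COMPILER_GROUP variable and the throwaway directory tree are assumptions made for illustration.

```shell
# Added example: audit and apply a root:<group> 0750 policy to compiler binaries.
# COMPILER_GROUP and both function names are hypothetical, not Gentoo code.
COMPILER_GROUP="${COMPILER_GROUP:-compilation}"

# Print every regular file under the given paths that "other" may execute.
audit_world_exec() {
    find "$@" -type f -perm -0001 -print 2>/dev/null | sort
}

# Restrict every owner-executable file under the given paths to owner+group.
# Non-executable files (specs, data) keep their mode and ownership.
restrict_compilers() {
    group="$1"; shift
    # Only root can hand ownership to root; otherwise change the group alone.
    if [ "$(id -u)" -eq 0 ]; then owner="root:$group"; else owner=":$group"; fi
    find "$@" -type f -perm -0100 \
        -exec chown "$owner" {} + -exec chmod 0750 {} +
}

# Constructed demo: empty files standing in for an installed toolchain.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin" "$d/lib"
    : > "$d/bin/gcc";   chmod 0755 "$d/bin/gcc"
    : > "$d/bin/nasm";  chmod 0755 "$d/bin/nasm"
    : > "$d/bin/gij";   chmod 0755 "$d/bin/gij"    # interpreter, not restricted
    : > "$d/lib/specs"; chmod 0644 "$d/lib/specs"
    echo "world-executable before:"; audit_world_exec "$d"
    # The caller's own gid stands in for the "compilation" group so the
    # demo also runs unprivileged; on a real host pass "$COMPILER_GROUP".
    restrict_compilers "$(id -g)" "$d/bin/gcc" "$d/bin/nasm"
    echo "world-executable after:";  audit_world_exec "$d"
    rm -rf "$d"
}

demo
```
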
Comment 1 Ciaran McCreesh 2005-04-24 10:05:58 UTC
By 640 I guess you mean 750?
Comment 2 Matteo Settenvini 2005-04-24 13:00:05 UTC
Yes, I'm sorry, programs need to have permission to execute.
Dunno what I was thinking about when I wrote it. :-)
Thanks Ciaran.
Comment 3 solar (RETIRED) gentoo-dev 2005-04-24 19:32:18 UTC
I do not see the security value in doing this
Comment 4 Jeremy Huddleston (RETIRED) gentoo-dev 2005-04-25 04:28:04 UTC
Yeah, I agree with solar here... there's no reason for doing this.