
Bug 137610

Summary: sys-apps/portage: portage user only assumes portage group with FEATURES=userpriv
Product: Portage Development
Reporter: Sascha G. <s.geschwandtner>
Component: Core
Assignee: Portage team <dev-portage>
Status: RESOLVED FIXED
Severity: normal
CC: kaiowas, rockoo
Priority: High
Keywords: InVCS
Version: 2.1
Hardware: All
OS: All
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 147007
Attachments:
  Example ebuild to show which groups the portage user is in at specific points.
  call setgroups with all groups that the portage user belongs to

Description Sascha G. 2006-06-22 09:26:09 UTC
When using FEATURES=userpriv, the portage user only gets one group (portage) assigned, leaving out every other group this user has been put into.
This makes it, for example, impossible to use the TPE (Trusted Path Execution) in the hardened kernel cleanly, which relies on a special group to grant privileges to execute programs certain directories.

I have verified this by creating an ebuild that prints the output of the id and groups commands, which gives the following:
ID=uid=250(portage) gid=250(portage) groups=250(portage)
GROUPS=portage
Portage 2.1.1_pre1-r1 (selinux/2005.1/x86/hardened, gcc-3.4.6/hardened, glibc-2.3.6-r4, 2.6.16-hardened-r7 i686)
=================================================================
System uname: 2.6.16-hardened-r7 i686 Intel(R) Pentium(R) 4 CPU 1.60GHz
Gentoo Base System version 1.12.1
dev-lang/python:     2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.18.1
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.93
sys-devel/gcc-config: [Not Present]
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r5
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=pentium4 -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/eselect/compiler /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -pipe -march=pentium4 -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--alphabetical"
FEATURES="autoconfig collision-protect distlocks loadpolicy parallel-fetch sandbox selinux sfperms strict userpriv usersandbox"
GENTOO_MIRRORS="ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ ftp://ftp.wh2.tu-dresden.de/pub/mirrors/gentoo ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo ftp://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/"
LANG="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="en"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_EXTRA_OPTS="--exclude-from /etc/portage/rsync_excludes"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="x86 X a52 aac alsa bzip2 caps cjk crypt cups curl dts dvd dvdread ffmpeg flac ftp gif glut gtk hardened idn ipv6 jpeg kdeenablefinal mad matroska mikmod mmap mmx mp3 ncurses nptl offensive ogg opengl pam pic png readline selinux sndfile sse sse2 ssl theora threads tiff truetype unicode vorbis win32codecs xinerama xv xvid zlib elibc_glibc input_devices_evdev input_devices_keyboard input_devices_mouse kernel_linux linguas_en userland_GNU"
Unset:  CTARGET, INSTALL_MASK, LC_ALL
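The failure mode in this report is a privilege-dropping routine that calls setuid()/setgid() but never initialises the supplementary group list, so the unprivileged user ends up in only its primary group and any group-based policy (here TPE) no longer sees it. The example below is added for illustration and is not Portage's code or the attached patch: it computes the full group list the way getgrouplist(3) does (primary gid plus every group whose member list names the user), first over constructed /etc/passwd and /etc/group excerpts so it runs offline, and then shows the order of calls a real drop needs. The names group_list, drop_privileges and the sample "tpe" and "distcc" records are this example's own assumptions; uid/gid 250 is taken from the id output in the report.

```python
"""Drop privileges to a build user while keeping its supplementary groups.

Added example; the function names and sample records are assumptions of this
example, not Portage code.  Only the uid/gid 250 for "portage" comes from the
bug report's id output.
"""
import os
import pwd

# Constructed /etc/passwd and /etc/group excerpts (not from any real system):
# portage is a member of the hypothetical "tpe" and "distcc" groups.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "portage:x:250:250:portage:/var/tmp/portage:/bin/false\n"
)
SAMPLE_GROUP = (
    "root:x:0:\n"
    "portage:x:250:\n"
    "tpe:x:1001:portage\n"
    "distcc:x:240:portage,alice\n"
)


def parse_passwd(text):
    """Map user name -> (uid, gid) from passwd-format text."""
    users = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        users[fields[0]] = (int(fields[2]), int(fields[3]))
    return users


def parse_group(text):
    """Yield (gid, [member names]) from group-format text."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        members = [m for m in fields[3].split(",") if m] if len(fields) > 3 else []
        yield int(fields[2]), members


def group_list(user, passwd_text, group_text):
    """Primary gid plus every gid whose member list names the user, sorted.

    This is what getgrouplist(3) computes.  The behaviour described in the bug
    corresponds to using only [primary_gid] here.
    """
    _uid, primary_gid = parse_passwd(passwd_text)[user]
    gids = {primary_gid}
    for gid, members in parse_group(group_text):
        if user in members:
            gids.add(gid)
    return sorted(gids)


def drop_privileges(user, keep_supplementary=True):
    """Switch the running process to ``user`` using the live NSS database.

    setgroups() and setgid() need privilege, so they must run before setuid().
    With keep_supplementary=False the process keeps only the primary group,
    which is the behaviour this bug reports.  Must be called as root.
    """
    pw = pwd.getpwnam(user)
    if keep_supplementary:
        groups = os.getgrouplist(user, pw.pw_gid)  # consults /etc/group or NSS
    else:
        groups = [pw.pw_gid]
    os.setgroups(groups)
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)
    # Confirm the switch actually took effect before running untrusted build code.
    if os.getuid() != pw.pw_uid or set(os.getgroups()) != set(groups):
        raise RuntimeError("privilege drop incomplete")
    return sorted(groups)


if __name__ == "__main__":
    # Offline demonstration over the constructed records.
    print("groups for portage:", group_list("portage", SAMPLE_PASSWD, SAMPLE_GROUP))
    print("groups for root:   ", group_list("root", SAMPLE_PASSWD, SAMPLE_GROUP))
```

With the constructed records, group_list("portage", ...) returns [240, 250, 1001]; leaving out the setgroups() step would yield the single-group state shown in the report's id output. drop_privileges() needs to be started as root and is shown only for the call order; the final getuid()/getgroups() check is the cheap assertion a build driver should make before handing control to an ebuild.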
Comment 1 Sascha G. 2006-06-22 09:33:02 UTC
(In reply to comment #0)

Sorry, I have been proofreading this three times, but it somehow slipped through. I just want to correct this, in case it might be unclear otherwise:

This makes it, for example, impossible to use the TPE (Trusted Path Execution) extension in the hardened kernel cleanly, which relies on a special group to grant privileges to execute programs in certain directories.
Comment 2 Sascha G. 2006-07-01 13:59:07 UTC
Created attachment 90642 [details]
Example ebuild to show which groups the portage user is in at specific points.
Comment 3 Tudor Vaida 2006-10-19 13:21:28 UTC
Confirmed with user portage in the tpe group - with inverted option (trusted group), './configure's fail.
Comment 4 Zac Medico gentoo-dev 2006-10-19 16:07:05 UTC
Created attachment 100050 [details, diff]
call setgroups with all groups that the portage user belongs to

This is fixed in svn r4760.
Comment 5 Zac Medico gentoo-dev 2006-10-20 16:37:12 UTC
This has been released in 2.1.2_pre3-r6.
Comment 6 Zac Medico gentoo-dev 2007-01-11 05:14:30 UTC
*** Bug 98604 has been marked as a duplicate of this bug. ***
Comment 7 Zac Medico gentoo-dev 2007-01-11 05:17:13 UTC
*** Bug 97477 has been marked as a duplicate of this bug. ***