| Summary: | Gentoo's Security Policy and the ebuild concept breaks FHS standards | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sascha Wuestemann <bigfoot> |
| Component: | Default Configs | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | | |
| Severity: | normal | CC: | jakub |
| Priority: | Highest | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

Description
Sascha Wuestemann
2006-09-22 12:40:56 UTC
There's nothing security could fix here, so there's no point in assigning this to security folks. Get the genkernel maintainer to fix genkernel to honor PORTAGE_TMPDIR. And yes, it needs to be mounted +exec, however there's no default partition layout and no one is forcing you to mount it with exec, no one's even forcing you to use /var/tmp as PORTAGE_TMPDIR (and most people don't even have /var/tmp or /tmp as a separate partition). Fail to see the security issue here really. Plus no one claims that Gentoo is FHS compliant in cases where it doesn't make sense.

I respect your opinion although I don't share it. I am a user and yes, you are right, I am free to mount /var/tmp nonexecutable and I have done so - I only thought that this was a bit more interesting for you security people and maybe even a step to rethink the security policy Gentoo follows. Of course there are many users out there who even do not have more than one partition at all but _this_ proves nothing. In my eyes this is a major mistake in the portage layout. If I was in the portage maintainer group, I would try to respect the fact that neither /tmp nor /var/tmp needs to be executable. In the end, if you are the wrong people to ask, I thank you for your time and your answer. If there are open questions, ask, else close the bug.

(In reply to comment #2)
> are many users out there who even do not have more than one partition at all
> but _this_ proves nothing.

Sure it does. Having a policy that /var/tmp must be mounted noexec is completely nonsensical if the majority of users don't have a separate /var/tmp partition at all. Nothing prevents you from having /var/tmp/portage as a separate partition. (On a side note, I'm pretty sure that your /usr/tmp2 doesn't match any FHS specs at all. :P)

> In my eyes this is a major mistake in the portage layout. If I was in the
> portage maintainer group, I would try to respect the fact that neither /tmp nor
> /var/tmp needs to be executable.

They don't need to be exec, see above. Again, get the genkernel maintainer to fix the hardcoded /var/tmp thing.

So just change genkernel too like you do with Portage (see bug #144703). Executable files do not pose a security risk, not unless they're setuid anyway... Also note that genkernel isn't tied in with Portage and hence we won't get it to respect PORTAGE_TMPDIR either.
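
To verify the layout discussed in this thread (a noexec /var/tmp with a separate, executable /var/tmp/portage), the following added example, which is not part of the bug report or of Portage, resolves which mount governs a directory and reports its noexec/nosuid state. The sample mount table, device names and function names are constructed for illustration.

```python
import os
import sys

# Constructed sample in /proc/mounts format (not taken from the bug report).
SAMPLE_MOUNTS = """\
/dev/sda3 / ext3 rw,noatime 0 0
/dev/sda5 /var/tmp ext3 rw,nosuid,nodev,noexec 0 0
/dev/sda6 /var/tmp/portage ext3 rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
"""

def parse_mounts(text):
    """Return [(mount_point, set_of_options)] in file order.
    Octal escapes for spaces in mount points are not decoded here."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            mounts.append((parts[1], set(parts[3].split(","))))
    return mounts

def governing_mount(path, mounts):
    """Longest mount point that equals path or is an ancestor of it.
    On equal length the later entry wins, as a later mount shadows an earlier one."""
    path = os.path.normpath(path)
    best = None
    for mnt, opts in mounts:
        root = mnt.rstrip("/") or "/"
        if path == root or path.startswith(root.rstrip("/") + "/"):
            if best is None or len(root) >= len(best[0]):
                best = (root, opts)
    return best

def audit(dirs, mounts):
    """Map each directory to (mount_point, exec_allowed, setuid_honoured)."""
    report = {}
    for d in dirs:
        hit = governing_mount(d, mounts)
        if hit:
            report[d] = (hit[0], "noexec" not in hit[1], "nosuid" not in hit[1])
    return report

if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        live = parse_mounts(fh.read())
    dirs = [os.path.realpath(d) for d in sys.argv[1:]] or ["/tmp", "/var/tmp", "/var/tmp/portage"]
    for d, (mnt, can_exec, suid) in audit(dirs, live).items():
        print(f"{d}: on {mnt} exec={'yes' if can_exec else 'no'} setuid={'yes' if suid else 'no'}")
```

Run against the live system, any directory under a hardcoded /var/tmp shows up as governed by the noexec mount, while the Portage build directory shows up as executable but nosuid.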