Summary: | allow override of root/user detection | ||
---|---|---|---|
Product: | Portage Development | Reporter: | Rick Farina (Zero_Chaos) <zerochaos> |
Component: | Enhancement/Feature Requests | Assignee: | Portage team <dev-portage> |
Status: | RESOLVED FIXED | ||
Severity: | normal | Keywords: | InVCS |
Priority: | Normal | ||
Version: | 2.2 | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 456888 |
Description
Rick Farina (Zero_Chaos)
2013-01-25 19:21:55 UTC
Test please: http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=f8aeff8f33eaf6b9f634a45278f9eaef11633427 (In reply to comment #0) > *** WARNING *** For security reasons, only system administrators should be > *** WARNING *** allowed in the portage group. Untrusted users or processes > *** WARNING *** can potentially exploit the portage group for attacks such > as > *** WARNING *** local privilege escalation. I guess we'll need another patch to silence this. Maybe we could have you set both PORTAGE_GRPNAME and PORTAGE_USERNAME to 'root', and silently use 0 for uid and gid if getpwnam and getgrnam throw KeyError. (In reply to comment #1) > Test please: > > http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit; > h=f8aeff8f33eaf6b9f634a45278f9eaef11633427 flawless, fantastic (In reply to comment #2) > (In reply to comment #0) > > *** WARNING *** For security reasons, only system administrators should be > > *** WARNING *** allowed in the portage group. Untrusted users or processes > > *** WARNING *** can potentially exploit the portage group for attacks such > > as > > *** WARNING *** local privilege escalation. > > I guess we'll need another patch to silence this. Maybe we could have you > set both PORTAGE_GRPNAME and PORTAGE_USERNAME to 'root', and silently use 0 > for uid and gid if getpwnam and getgrnam throw KeyError. setting those two env variables didn't change anything. if it helps: localhost portage # whoami whoami: cannot find name for user ID 0 also of note: chgrp: invalid group: 'root' chgrp: invalid group: 'root' chgrp: invalid group: 'root' chgrp: invalid group: 'root' chgrp: invalid group: 'root' portage: 'root' user or 'root' group missing. In Prefix Portage this is quite dramatic since it means you have thrown away yourself. Re-add yourself or re-bootstrap Gentoo Prefix. *** WARNING *** For security reasons, only system administrators should be *** WARNING *** allowed in the portage group. Untrusted users or processes *** WARNING *** can potentially exploit the portage group for attacks such as *** WARNING *** local privilege escalation. (In reply to comment #4) > setting those two env variables didn't change anything. You'll need this patch: http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=b1e27de54c2ff4b383e5efe62b0ddb785c0573e8 This is fixed in 2.1.11.51 and 2.2.0_alpha162. |