
Bug 454060

Summary: allow override of root/user detection
Product: Portage Development
Reporter: Rick Farina (Zero_Chaos) <zerochaos>
Component: Enhancement/Feature Requests
Assignee: Portage team <dev-portage>
Status: RESOLVED FIXED
Severity: normal
Keywords: InVCS
Priority: Normal
Version: 2.2
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 456888    

Description Rick Farina (Zero_Chaos) gentoo-dev 2013-01-25 19:21:55 UTC
Recently I've been using prefix on some awkward platforms (read: Android) that don't have /etc/group or /etc/passwd.

portage actually works fine if I can create an /etc/passwd and /etc/group; however, on certain devices this simply isn't possible (/ isn't writable and doesn't save changes).

Please add a --no-srsly-i-am-root or some other arcane flag to disable these checks.

without /etc/group it does this:
mysettings["PORTAGE_BUILD_GROUP"] = grp.getgrgid(portage_build_gid).gr_name
KeyError: 'getgrgid(): gid not found: 0'

without /etc/passwd it does this:
mysettings["PORTAGE_BUILD_USER"] = pwd.getpwuid(portage_build_uid).pw_name
KeyError: 'getpwuid(): uid not found: 0'

if either is missing it loudly complains at start of build:
portage: 'root' user or 'root' group missing.
         In Prefix Portage this is quite dramatic
         since it means you have thrown away yourself.
         Re-add yourself or re-bootstrap Gentoo Prefix.
*** WARNING ***  For security reasons, only system administrators should be
*** WARNING ***  allowed in the portage group.  Untrusted users or processes
*** WARNING ***  can potentially exploit the portage group for attacks such as
*** WARNING ***  local privilege escalation.
Comment 2 Zac Medico gentoo-dev 2013-01-25 20:12:00 UTC
(In reply to comment #0)
> *** WARNING ***  For security reasons, only system administrators should be
> *** WARNING ***  allowed in the portage group.  Untrusted users or processes
> *** WARNING ***  can potentially exploit the portage group for attacks such as
> *** WARNING ***  local privilege escalation.

I guess we'll need another patch to silence this. Maybe we could have you set both PORTAGE_GRPNAME and PORTAGE_USERNAME to 'root', and silently use 0 for uid and gid if getpwnam and getgrnam throw KeyError.
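
The fallback suggested in the comment above, sketched as an added example; it is not Portage's code and not the content of either commit linked in this bug. The helper names, the default name 'portage', and the choice to allow the id-0 fallback only for the name 'root' (so a mistyped name fails instead of silently becoming root) are assumptions of this example.

```python
import grp
import pwd

ROOT_NAME = "root"  # assumption: the only name allowed to fall back to id 0


def resolve_id(name, lookup, id_attr):
    """Map a user or group name to a numeric id.

    lookup is pwd.getpwnam or grp.getgrnam. Both raise KeyError when the
    name has no entry, e.g. when /etc/passwd or /etc/group does not exist.
    """
    try:
        return getattr(lookup(name), id_attr)
    except KeyError:
        if name == ROOT_NAME:
            return 0  # silent fallback, only for an explicit 'root'
        raise  # any other unknown name must not be mapped to root


def resolve_name(numeric_id, lookup, name_attr):
    """Map a numeric id to a name (lookup is pwd.getpwuid or grp.getgrgid).

    This is the direction that raised KeyError in the bug description.
    Without an entry, id 0 is reported as 'root' and any other id as its
    decimal string, which tools such as chown and chgrp accept.
    """
    try:
        return getattr(lookup(numeric_id), name_attr)
    except KeyError:
        return ROOT_NAME if numeric_id == 0 else str(numeric_id)


def build_identity(env, getpwnam=pwd.getpwnam, getgrnam=grp.getgrnam):
    """Resolve the ids for PORTAGE_USERNAME and PORTAGE_GRPNAME from env."""
    user = env.get("PORTAGE_USERNAME", "portage")  # default is an assumption
    group = env.get("PORTAGE_GRPNAME", "portage")
    return {
        "uid": resolve_id(user, getpwnam, "pw_uid"),
        "gid": resolve_id(group, getgrnam, "gr_gid"),
    }


if __name__ == "__main__":
    import os
    try:
        print(build_identity(os.environ))
    except KeyError as exc:
        print("unresolvable name, refusing to guess:", exc)
```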
Comment 3 Rick Farina (Zero_Chaos) gentoo-dev 2013-01-25 20:21:12 UTC
(In reply to comment #1)
> Test please:
> 
> http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=f8aeff8f33eaf6b9f634a45278f9eaef11633427

flawless, fantastic
Comment 4 Rick Farina (Zero_Chaos) gentoo-dev 2013-01-25 20:23:15 UTC
(In reply to comment #2)
> (In reply to comment #0)
> > *** WARNING ***  For security reasons, only system administrators should be
> > *** WARNING ***  allowed in the portage group.  Untrusted users or processes
> > *** WARNING ***  can potentially exploit the portage group for attacks such as
> > *** WARNING ***  local privilege escalation.
> 
> I guess we'll need another patch to silence this. Maybe we could have you
> set both PORTAGE_GRPNAME and PORTAGE_USERNAME to 'root', and silently use 0
> for uid and gid if getpwnam and getgrnam throw KeyError.

setting those two env variables didn't change anything.  

if it helps:

localhost portage # whoami
whoami: cannot find name for user ID 0
Comment 5 Rick Farina (Zero_Chaos) gentoo-dev 2013-01-25 20:26:19 UTC
also of note:

chgrp: invalid group: 'root'
chgrp: invalid group: 'root'
chgrp: invalid group: 'root'
chgrp: invalid group: 'root'
chgrp: invalid group: 'root'
portage: 'root' user or 'root' group missing.
         In Prefix Portage this is quite dramatic
         since it means you have thrown away yourself.
         Re-add yourself or re-bootstrap Gentoo Prefix.
*** WARNING ***  For security reasons, only system administrators should be
*** WARNING ***  allowed in the portage group.  Untrusted users or processes
*** WARNING ***  can potentially exploit the portage group for attacks such as
*** WARNING ***  local privilege escalation.
Comment 6 Zac Medico gentoo-dev 2013-01-25 21:32:20 UTC
(In reply to comment #4)
> setting those two env variables didn't change anything.  

You'll need this patch:

http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=b1e27de54c2ff4b383e5efe62b0ddb785c0573e8
Comment 7 Zac Medico gentoo-dev 2013-02-12 04:19:12 UTC
This is fixed in 2.1.11.51 and 2.2.0_alpha162.