| Summary: | allow override of root/user detection | ||
|---|---|---|---|
| Product: | Portage Development | Reporter: | Rick Farina (Zero_Chaos) <zerochaos> |
| Component: | Enhancement/Feature Requests | Assignee: | Portage team <dev-portage> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | Keywords: | InVCS |
| Priority: | Normal | ||
| Version: | 2.2 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 456888 | ||
Test please: http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=f8aeff8f33eaf6b9f634a45278f9eaef11633427 (In reply to comment #0) > *** WARNING *** For security reasons, only system administrators should be > *** WARNING *** allowed in the portage group. Untrusted users or processes > *** WARNING *** can potentially exploit the portage group for attacks such > as > *** WARNING *** local privilege escalation. I guess we'll need another patch to silence this. Maybe we could have you set both PORTAGE_GRPNAME and PORTAGE_USERNAME to 'root', and silently use 0 for uid and gid if getpwnam and getgrnam throw KeyError. (In reply to comment #1) > Test please: > > http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit; > h=f8aeff8f33eaf6b9f634a45278f9eaef11633427 flawless, fantastic (In reply to comment #2) > (In reply to comment #0) > > *** WARNING *** For security reasons, only system administrators should be > > *** WARNING *** allowed in the portage group. Untrusted users or processes > > *** WARNING *** can potentially exploit the portage group for attacks such > > as > > *** WARNING *** local privilege escalation. > > I guess we'll need another patch to silence this. Maybe we could have you > set both PORTAGE_GRPNAME and PORTAGE_USERNAME to 'root', and silently use 0 > for uid and gid if getpwnam and getgrnam throw KeyError. setting those two env variables didn't change anything. if it helps: localhost portage # whoami whoami: cannot find name for user ID 0 also of note:
chgrp: invalid group: 'root'
chgrp: invalid group: 'root'
chgrp: invalid group: 'root'
chgrp: invalid group: 'root'
chgrp: invalid group: 'root'
portage: 'root' user or 'root' group missing.
In Prefix Portage this is quite dramatic
since it means you have thrown away yourself.
Re-add yourself or re-bootstrap Gentoo Prefix.
*** WARNING *** For security reasons, only system administrators should be
*** WARNING *** allowed in the portage group. Untrusted users or processes
*** WARNING *** can potentially exploit the portage group for attacks such as
*** WARNING *** local privilege escalation.
(In reply to comment #4) > setting those two env variables didn't change anything. You'll need this patch: http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=b1e27de54c2ff4b383e5efe62b0ddb785c0573e8 This is fixed in 2.1.11.51 and 2.2.0_alpha162. |
Recently I've been using prefix on some awkward platforms (read: Android) that don't have /etc/group or /etc/passwd portage actually works fine if I can create an /etc/passwd and /etc/group, however, on certain devices this simply isn't possible (/ isn't writable and doesn't save changes) Please add a --no-srsly-i-am-root or some other arcane flag to disable these checks. without /etc/group it does this: mysettings["PORTAGE_BUILD_GROUP"] = grp.getgrgid(portage_build_gid).gr_name KeyError: 'getgrgid(): gid not found: 0' without /etc/passwd it does this: mysettings["PORTAGE_BUILD_USER"] = pwd.getpwuid(portage_build_uid).pw_name KeyError: 'getpwuid(): uid not found: 0' if either is missing it loudly complains at start of build: portage: 'root' user or 'root' group missing. In Prefix Portage this is quite dramatic since it means you have thrown away yourself. Re-add yourself or re-bootstrap Gentoo Prefix. *** WARNING *** For security reasons, only system administrators should be *** WARNING *** allowed in the portage group. Untrusted users or processes *** WARNING *** can potentially exploit the portage group for attacks such as *** WARNING *** local privilege escalation.