Summary: | passwd reports the portage account is unlocked | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Ryan Twitchell <metatheorem> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | dev-portage |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Ryan Twitchell
2013-08-14 00:22:49 UTC
It can be useful to sporadically log in to portage account and perform some operations e.g. in ${DISTDIR}. Some tools will not work when run by inappropriate user. When I am logged in as root and cd to e.g. ${DISTDIR}/hg-src/python/cpython, then e.g. `hg pull` command fails with 'not trusting file ${DISTDIR}/hg-src/python/cpython/.hg/hgrc from untrusted user portage, group portage\nabort: repository default not found!' message. After logging in as portage, that command works. Old. No actual concern here as the account is restricted from being logged in to and no example of an actual exploit has been given. |