
Bug 926428

Summary: Binary package signature verification trouble with sys-auth/pambase mktemp
Product: Portage Development
Component: Binary packages support
Reporter: Luigi 'Comio' Mantellini <luigi.mantellini+gentoo>
Assignee: Gentoo Linux bug wranglers <bug-wranglers>
CC: luigi.mantellini+gentoo
Status: RESOLVED DUPLICATE
Severity: major
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description Luigi 'Comio' Mantellini 2024-03-08 07:22:46 UTC
Dear all,

I'm trying the binary package on my home server (gentoo since 2016).

On this machine I enabled the sys-auth/pambase mktemp support in order to have a user private temp directory (/tmp/.private/$USER) that is readable and writeable only by the logged user. pam mktemp will configure TMP/TMPDIR accordingly.

The private tmp directory has very reduced rights with sticky bit also.

When I try to install a binary package, the gpg signature verification fails because the used user (nobody?) is not allowed to read/write files into /tmp/.private/root as pointed by TMP/TMPDIR environments.

Disabling the mktemp feature solves because the TMP/TMPDIR variables will be unset point to /tmp (world writable) directory.

I'm unable to provide a fix, but I think that unsetting the TMP/TMPDIR before switching user should solve it.

ciao

luigi
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-03-08 17:42:45 UTC
Duplicate of bug 925422, I think?

*** This bug has been marked as a duplicate of bug 925422 ***
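
The condition in the description, where a privilege-dropped helper inherits a TMP/TMPDIR it cannot use, can be checked before the helper is spawned. The following is an added example, not Portage code and not taken from either bug; the function names, the `top` parameter (where the ancestor walk starts) and the inclusion of `TEMP` are assumptions, and only classic mode bits are evaluated (no ACLs or capabilities).

```python
import os
import stat

# The report names TMP/TMPDIR; TEMP is included here as an assumption.
TMP_VARS = ("TMPDIR", "TMP", "TEMP")
SEARCH, WRITE_SEARCH = 0o1, 0o3  # x only; w+x (needed to create files in a dir)

def _allowed(st, uid, gids, want):
    """Owner/group/other mode-bit check for uid; uid 0 is treated as unrestricted."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return bits & want == want

def tmpdir_usable(path, uid, gids, top="/"):
    """True if uid can traverse from top down to path and create files in it."""
    path, top = os.path.realpath(path), os.path.realpath(top)
    if os.path.commonpath([path, top]) != top:
        return False
    rel = os.path.relpath(path, top)
    current = top
    try:
        for part in ([] if rel == "." else rel.split(os.sep)):
            # Every ancestor (e.g. /tmp/.private) must be searchable by uid.
            if not _allowed(os.stat(current), uid, gids, SEARCH):
                return False
            current = os.path.join(current, part)
        st = os.stat(current)
    except OSError:
        return False  # missing or unreadable path is not usable
    return stat.S_ISDIR(st.st_mode) and _allowed(st, uid, gids, WRITE_SEARCH)

def env_for_user(env, uid, gids, top="/"):
    """Copy env and drop temp-dir variables the target user cannot use."""
    clean, dropped = dict(env), []
    for var in TMP_VARS:
        if var in clean and not tmpdir_usable(clean[var], uid, gids, top):
            dropped.append(var)
            del clean[var]
    return clean, dropped
```

With a variable dropped, tools that honour these variables fall back to their default temporary directory, which matches the behaviour the reporter saw after disabling the mktemp feature.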