Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 41708 - emerge makes files in /tmp, not very secure
Summary: emerge makes files in /tmp, not very secure
Status: RESOLVED DUPLICATE of bug 21923
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Core (show other bugs)
Hardware: All Linux
: High critical (vote)
Assignee: Portage team
Depends on:
Reported: 2004-02-15 15:31 UTC by Toni DiBoulda
Modified: 2005-07-17 13:06 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Toni DiBoulda 2004-02-15 15:31:45 UTC
Reproducible: Always
Steps to Reproduce:
1. cd /tmp
2. mkdir sandboxpids.tmp
3. emerge something
4. watch very confusing error message
(steps 1, 2 and 4 done as any user, need to be root for step 3)

Actual Results:  
Calculating dependencies ...done!
>>> emerge (1 of 1) some-cat/something to /
>>> md5 src_uri ;-) something.tar.gz
>>> /tmp/sandboxpids.tmp is not a regular file>>> pids file write: Bad address

Expected Results:  
to bring down emerge should not be made that easy

!!! Emerge seems to test if sandboxpids.tmp is a regular file only. If it is
!!! hard link to existing file, existing file is empty when emerge is done.
!!! Very dangerous.
Comment 1 Jon Portnoy (RETIRED) gentoo-dev 2004-04-03 12:57:55 UTC
This is pretty major -- a newsgroup poster just pointed this one out. Any Gentoo system can trivially be damaged extremely badly with this one, as far as I can tell.
Comment 2 Jon Portnoy (RETIRED) gentoo-dev 2004-04-03 19:48:13 UTC

*** This bug has been marked as a duplicate of 21923 ***