author | Zac Medico <zmedico@gentoo.org> | 2006-09-25 21:16:32 +0000 |
---|---|---|
committer | Zac Medico <zmedico@gentoo.org> | 2006-09-25 21:16:32 +0000 |
commit | fd76b435d5ce953e91a0efa8f6706aa3bd505f62 (patch) | |
tree | 40e92de04102c7ef6fb9fc361c57a5e7695f16d2 | |
parent | be6030376aa3d958bd0cadf6522337ba27694835 (diff) | |
download | portage-fd76b435d5ce953e91a0efa8f6706aa3bd505f62.tar.gz portage-fd76b435d5ce953e91a0efa8f6706aa3bd505f62.tar.bz2 portage-fd76b435d5ce953e91a0efa8f6706aa3bd505f62.zip |
Add a warning about the portage group and the possibility of exploits for bug #149062.
svn path=/main/trunk/; revision=4530
-rw-r--r-- | pym/portage_data.py | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/pym/portage_data.py b/pym/portage_data.py
index 99874fcf4..3bbb1dd58 100644
--- a/pym/portage_data.py
+++ b/pym/portage_data.py
@@ -7,6 +7,8 @@ import os,pwd,grp
 from portage_util import writemsg
 from output import green,red
+from output import create_color_func
+bad = create_color_func("BAD")
 ostype=os.uname()[0]
@@ -42,6 +44,13 @@ if not lchown:
 os.environ["USERLAND"]=userland
+def portage_group_warning():
+ warn_prefix = bad("*** WARNING *** ")
+ writemsg(warn_prefix + "For security reasons, only system administrators should be\n")
+ writemsg(warn_prefix + "allowed in the portage group. Untrusted users or processes\n")
+ writemsg(warn_prefix + "can potentially exploit the portage group for attacks such as\n")
+ writemsg(warn_prefix + "local privilege escalation.\n\n")
+
 # Portage has 3 security levels that depend on the uid and gid of the main
 # process and are assigned according to the following table:
 #
@@ -89,6 +98,7 @@ except KeyError:
 writemsg(green(" portage:x:250:250:portage:/var/tmp/portage:/bin/false\n"))
 writemsg(green(" portage::250:portage\n"))
 writemsg("\n")
+ portage_group_warning()
 if (uid!=0) and (portage_gid not in os.getgroups()):
 writemsg("\n")
@@ -96,3 +106,4 @@ if (uid!=0) and (portage_gid not in os.getgroups()):
 writemsg(red("*** due to permissions preventing the creation of the on-disk cache.\n"))
 writemsg(red("*** Please add this user to the portage group if you wish to use portage.\n"))
 writemsg("\n")
+ portage_group_warning() |
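Review bot: `portage_group_warning()` (second hunk) has no docstring or comment, so nothing in the code records why membership in the portage group is treated as a privilege boundary or which report prompted the warning. A one-line docstring such as `"""Warn that portage group membership is security-sensitive (bug #149062)."""` would keep that link once the commit message is out of sight. As a style point, the four `writemsg(warn_prefix + ...)` calls could be a single loop over the message lines.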
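Review bot: Both new `portage_group_warning()` calls sit on paths taken when the group is missing (third hunk, after the `except KeyError:` setup instructions) or when the caller is not a member (fourth hunk, under `if (uid!=0) and (portage_gid not in os.getgroups())`), so as far as this diff shows an account that is already in the group never sees the warning. In the fourth hunk the call also follows directly after "Please add this user to the portage group if you wish to use portage.", which tells the reader to do what the warning cautions against. I would reword that existing line so the two messages agree, e.g. `writemsg(red("*** Only a system administrator's account should be added to the portage group.\n"))`. Both enclosing blocks start outside their hunks and indentation is lost on this page, so the exact nesting of the two calls should be checked against the file.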