authorZac Medico <zmedico@gentoo.org>2006-09-25 21:16:32 +0000
committerZac Medico <zmedico@gentoo.org>2006-09-25 21:16:32 +0000
commitfd76b435d5ce953e91a0efa8f6706aa3bd505f62 (patch)
tree40e92de04102c7ef6fb9fc361c57a5e7695f16d2
parentbe6030376aa3d958bd0cadf6522337ba27694835 (diff)
Add a warning about the portage group and the possibility of exploits for bug #149062.
svn path=/main/trunk/; revision=4530
-rw-r--r--pym/portage_data.py11
1 files changed, 11 insertions, 0 deletions
diff --git a/pym/portage_data.py b/pym/portage_data.py
index 99874fcf4..3bbb1dd58 100644
--- a/pym/portage_data.py
+++ b/pym/portage_data.py
@@ -7,6 +7,8 @@
import os,pwd,grp
from portage_util import writemsg
from output import green,red
+from output import create_color_func
+bad = create_color_func("BAD")
ostype=os.uname()[0]
@@ -42,6 +44,13 @@ if not lchown:
os.environ["USERLAND"]=userland
+def portage_group_warning():
+ warn_prefix = bad("*** WARNING *** ")
+ writemsg(warn_prefix + "For security reasons, only system administrators should be\n")
+ writemsg(warn_prefix + "allowed in the portage group. Untrusted users or processes\n")
+ writemsg(warn_prefix + "can potentially exploit the portage group for attacks such as\n")
+ writemsg(warn_prefix + "local privilege escalation.\n\n")
+
# Portage has 3 security levels that depend on the uid and gid of the main
# process and are assigned according to the following table:
#
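Review bot: `portage_group_warning()` has no docstring or comment saying why membership is risky or when it is meant to be called; the only pointer to the reasoning is the commit message's reference to bug #149062. A one-line docstring such as `"""Warn that portage group membership should be limited to administrators (bug #149062)."""` would keep that context with the code. As a style point, the four `writemsg(warn_prefix + ...)` calls could be a loop over a tuple of the message lines, so the prefix is applied in one place. The comment block that follows the function continues outside the hunk.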
@@ -89,6 +98,7 @@ except KeyError:
writemsg(green(" portage:x:250:250:portage:/var/tmp/portage:/bin/false\n"))
writemsg(green(" portage::250:portage\n"))
writemsg("\n")
+ portage_group_warning()
if (uid!=0) and (portage_gid not in os.getgroups()):
writemsg("\n")
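Review bot: The warning is reached only on failure paths: this call follows the sample passwd/group lines that the hunk header places under `except KeyError:`, and the other call, in the `@@ -96,3` hunk, follows the not-in-group message. A host where the portage group already exists and already contains untrusted accounts therefore never prints it. A comment at the call such as `# shown only when the portage user/group lookup fails; existing group membership is not audited` would make that limit explicit to maintainers. Indentation is lost in this view, so the nesting of both calls should be confirmed against the file.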
@@ -96,3 +106,4 @@ if (uid!=0) and (portage_gid not in os.getgroups()):
writemsg(red("*** due to permissions preventing the creation of the on-disk cache.\n"))
writemsg(red("*** Please add this user to the portage group if you wish to use portage.\n"))
writemsg("\n")
+ portage_group_warning()
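Review bot: At this call the reader is, by the condition in the hunk header `(uid!=0) and (portage_gid not in os.getgroups())`, a non-root user outside the group, and two lines earlier they are told "Please add this user to the portage group" before the warning says only system administrators belong there. The two messages read as contradictory, and the warning is not actionable for someone who cannot change group membership. Consider rewording the earlier line so the decision is directed to an administrator, e.g. `writemsg(red("*** Ask a system administrator whether this user should be added to the portage group.\n"))`. The enclosing `if` block starts outside this hunk.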