-rw-r--r-- | pym/portage_data.py | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/pym/portage_data.py b/pym/portage_data.py
index 99874fcf4..3bbb1dd58 100644
--- a/pym/portage_data.py
+++ b/pym/portage_data.py
@@ -7,6 +7,8 @@ import os,pwd,grp
 from portage_util import writemsg
 from output import green,red
+from output import create_color_func
+bad = create_color_func("BAD")
 ostype=os.uname()[0]
@@ -42,6 +44,13 @@ if not lchown:
 os.environ["USERLAND"]=userland
+def portage_group_warning():
+ warn_prefix = bad("*** WARNING *** ")
+ writemsg(warn_prefix + "For security reasons, only system administrators should be\n")
+ writemsg(warn_prefix + "allowed in the portage group. Untrusted users or processes\n")
+ writemsg(warn_prefix + "can potentially exploit the portage group for attacks such as\n")
+ writemsg(warn_prefix + "local privilege escalation.\n\n")
+
 # Portage has 3 security levels that depend on the uid and gid of the main
 # process and are assigned according to the following table:
 #
@@ -89,6 +98,7 @@ except KeyError:
 writemsg(green(" portage:x:250:250:portage:/var/tmp/portage:/bin/false\n"))
 writemsg(green(" portage::250:portage\n"))
 writemsg("\n")
+ portage_group_warning()
 if (uid!=0) and (portage_gid not in os.getgroups()):
 writemsg("\n")
@@ -96,3 +106,4 @@ if (uid!=0) and (portage_gid not in os.getgroups()):
 writemsg(red("*** due to permissions preventing the creation of the on-disk cache.\n"))
 writemsg(red("*** Please add this user to the portage group if you wish to use portage.\n"))
 writemsg("\n")
+ portage_group_warning()
|
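Review bot: In the first hunk the new module-level name `bad` is very generic for a colour helper and becomes part of this module's public namespace, so any star-import of portage_data (if one exists) would pick it up. A private name keeps it local, e.g. `_bad = create_color_func("BAD")`, with `warn_prefix = _bad("*** WARNING *** ")` in portage_group_warning(). The import could also be folded into the existing line as `from output import green,red,create_color_func`.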
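Review bot: portage_group_warning() in the second hunk has no docstring, so the reason for the warning and the intended call sites are recorded only in the runtime strings. A one-line docstring such as `"""Warn that portage group membership should be limited to system administrators."""` would cover it. A short comment that the function is called from the two permission-check branches later in the file would also help, since those appear to run when the module is imported and that is where an operator meets the message.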
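Review bot: In the last hunk the warning is printed straight after `*** Please add this user to the portage group if you wish to use portage.`, so a non-member is told to join the group and then told that only administrators should be in it. The existing red line should be reworded so the two messages agree, for example `writemsg(red("*** Ask an administrator to add this user to the portage group only if it is trusted.\n"))`. The same call in the `except KeyError:` hunk does not have this conflict, because the text there is setup guidance for whoever creates the account. The body of this `if` block begins above the hunk.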