On Fri, 12 Jan 2007 15:08:15 -0800
"Robin H. Johnson" <robbat2@g.o> wrote:

> Putting the portage user into the special group would mean that
> somebody could steal the MySQL password - so do you
> RESTRICT=userpriv, or fail the build?

If someone can subvert Portage's build process they can root your
system no matter what uid is used for the build itself. Userpriv and
sandbox are not and cannot be security measures; they only guard
against accidental breakage in makefiles, so that argument is
relatively bogus since if malice is brought into the equation the
portage user has effective root already.
--
gentoo-dev@g.o mailing list