| 1 |
On Monday 03 September 2007 10:40:39 William Xu wrote: |
| 2 |
> > It's more than that. It's the portage *BUILD*DIRECTORY* (which just |
| 3 |
> > happens to be short-lived, not temp), that's where all your merges are |
| 4 |
> > built. Just like you don't want to give just anyone the ability to |
| 5 |
> > overwrite your binaries in /bin, you also don't want to give just |
| 6 |
> > anyone the ability to overwrite the same binaries while they are being |
| 7 |
> > built. |
| 8 |
> |
| 9 |
> But I think giving group and others proper read and execute access is |
| 10 |
> safe enough. Like everybody can read things under /bin. |
| 11 |
|
| 12 |
The problem is that during unpack and compile the permissions on the files in |
| 13 |
the work dir could be anything depending on the permissions inside the |
| 14 |
tarball the files might come from or depending on the build scripts (which |
| 15 |
may be run as root)... |
| 16 |
|
| 17 |
E.g. if you get access to even enter the work dir during unpack and the |
| 18 |
unpacked files are world writeable then you can modify the build scripts |
| 19 |
before they get chmod'ed by portage at the end of the unpack and allow |
| 20 |
arbitrary code to be run later during the build as root... |
| 21 |
|
| 22 |
-- |
| 23 |
Bo Andresen |
Archives