On Monday 03 September 2007 10:40:39 William Xu wrote:
> > It's more than that. It's the portage *BUILD*DIRECTORY* (which just
> > happens to be short-lived, not temp), that's where all your merges are
> > built. Just like you don't want to give just anyone the ability to
> > overwrite your binaries in /bin, you also don't want to give just
> > anyone the ability to overwrite the same binaries while they are being
> > built.
>
> But I think giving group and others proper read and execute access is
> safe enough. Like everybody can read things under /bin.

The problem is that during unpack and compile the permissions on the files in
the work dir could be anything depending on the permissions inside the
tarball the files might come from or depending on the build scripts (which
may be run as root)...

E.g. if you get access to even enter the work dir during unpack and the
unpacked files are world writeable then you can modify the build scripts
before they get chmod'ed by portage at the end of the unpack and allow
arbitrary code to be run later during the build as root...

--
Bo Andresen
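
Added example, not part of the original message and not Portage's own code: a sketch of the defence the message argues for, using Python's `tarfile`. It lists archive members whose stored mode is world-writable, and unpacks into a work dir that is already 0700 before the first file lands, so loose modes from the tarball are unreachable by other users. All function names and the sample tarball are constructed for illustration.

```python
import io
import os
import stat
import tarfile

def make_sample_tarball():
    """Constructed sample: a source tarball whose build script is mode 0777."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode in (("pkg-1.0/configure", 0o777), ("pkg-1.0/README", 0o644)):
            data = b"#!/bin/sh\necho building\n"
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(data), mode
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def world_writable_members(tar_bytes):
    """Return (name, mode) for members the archive marks writable by 'others'."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        return [(m.name, stat.S_IMODE(m.mode)) for m in tar if m.mode & stat.S_IWOTH]

def unpack_private(tar_bytes, parent):
    """Unpack under parent/work, which is locked to 0700 before extraction starts."""
    work = os.path.join(parent, "work")
    os.mkdir(work, 0o700)
    os.chmod(work, 0o700)  # exact mode regardless of the caller's umask
    # Use the 'data' extraction filter where this Python version provides it.
    extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        tar.extractall(work, **extra)
    # Only now, behind the closed directory, drop group/other write bits.
    for root, dirs, files in os.walk(work):
        for name in dirs + files:
            path = os.path.join(root, name)
            if not os.path.islink(path):
                mode = stat.S_IMODE(os.lstat(path).st_mode)
                os.chmod(path, mode & ~0o022)
    return work

if __name__ == "__main__":
    import tempfile
    sample = make_sample_tarball()
    print("world-writable in archive:", world_writable_members(sample))
    with tempfile.TemporaryDirectory() as tmp:
        work = unpack_private(sample, tmp)
        print("work dir mode:", oct(stat.S_IMODE(os.stat(work).st_mode)))
```

The order matters: the directory is restricted first, so the window between extraction and the later chmod is not reachable by other local users.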