trusted tpe & user compilation problems

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Postby bassul » Tue Oct 17, 2006 7:18 pm

I'm using a hardened gentoo with tpe group inverted (trusted group). When trying to use user compilation with gentoo's package manager (user portage), it fails with the following error:
<< grsec: denied untrusted exec of /var/tmp/portage/ufed-0.40-r1/work/ufed-0.40/configure by /usr/lib/portage/bin/ebuild.sh[ebuild.sh:27130] uid/euid:250/250 gid/egid:250/250, parent /usr/lib/portage/bin/ebuild.sh[ebuild.sh:10173] uid/euid:250/250 gid/egid:250/250 >>

user portage (250 - default gid 250) is in the tpe trusted group (gid 1005).

If I try to change the tpe gid to 250 with sysctl, compilation works.
If I set portage's default gid to 1005, compilation gives the same error.

rights:
/var/tmp drwxrwxrwt root root
/var/tmp/portage drwxrwxr-x root portage
/var/tmp/portage/packageX drwxrwxr-x root portage
/var/tmp/portage/packageX/work drwxr-xr-x portage portage,
same for subdirs

What am I missing?
bassul
 
Posts: 2
Joined: Tue Oct 17, 2006 6:58 pm

Re: trusted tpe & user compilation problems

Postby mr.eko » Thu Oct 19, 2006 11:00 am

bassul wrote: I'm using a hardened gentoo with tpe group inverted (trusted group).

If I try to change the tpe gid to 250 with sysctl, compilation works.
If I set portage's default gid to 1005, compilation gives the same error.


This is a bug in portage: https://bugs.gentoo.org/show_bug.cgi?id=137610
mr.eko
 
Posts: 1
Joined: Thu Oct 19, 2006 10:56 am

Postby bassul » Thu Oct 19, 2006 3:27 pm

That explains it, thanks for the reply.
bassul
 
Posts: 2
Joined: Tue Oct 17, 2006 6:58 pm

