On Fri, 12 Jan 2007 15:08:15 -0800 "Robin H. Johnson" <[EMAIL PROTECTED]> wrote:
> Putting the portage user into the special group would mean that > somebody could steal the MySQL password - so do you > RESTRICT=userpriv, or fail the build? If someone can subvert Portage's build process they can root your system no matter what uid is used for the build itself. Userpriv and sandbox are not and cannot be security measures; they only guard against accidental breakage in makefiles, so that argument is relatively bogus since if malice is brought into the equation the portage user has effective root already. -- gentoo-dev@gentoo.org mailing list
