[distcc] A bug in distcc?
Martin Pool
mbp at sourcefrog.net
Wed Sep 24 04:47:23 GMT 2003
On 24 Sep 2003, Lisa Seelye <lisa at gentoo.org> wrote:
> On Tue, 2003-09-23 at 23:44, Martin Pool wrote:
> > I made one change in 2.11 which should improve this: lock and state
> > files are now created with 666/777 permission, masked only by the
> > user's umask. So if you're lucky, having root use your distcc_dir
> > will not necessarily break things. However, on a machine with a tight
> > umask, it is possible to have for example root end up owning
> > ~mbp/.distcc. I can't think of any good solution to that yet.
>
> Cool.
>
> With some changes to Portage (Gentoo bugs 29171 and 29313) functionality
> to obtain the GCC version in a different way was added, along with the
> creation of /var/tmp/portage/.distcc/{state,lock} automatically.
>
> These portage changes are in 2.0.49-r6, on which distcc-2.11 now
> depends.
>
> Though, since -r6 will be in testing for a while the distcc changes will
> likely make it easier to put [distcc] into arch before Portage.
>
> As an aside, are there security implications of such wide
> permissions?
I have looked at it and think it is safe. If somebody else would like
to check it, I would appreciate that. (If there is a Gentoo audit
team perhaps you could ask them too, since Gentoo seems to be the
biggest user.)
If your umask is insecure distcc will be too; that is not our problem.
Typically it is set to 002 or 022, which will let other users at most
see what you're compiling. They could probably see that from 'ps'
anyhow. If you make your home directory or distcc_dir &770 then
nobody else will be able to even see them.
--
Martin
More information about the distcc
mailing list