Today I added FEATURES="userfetch userpriv usersandbox usersync" to my /etc/make.conf on one of my Gentoo boxes. These make portage drop root privileges when doing various parts of its package-managery stuff (and in combination, almost everything it doesn’t need them for). I ran into a small snag with some packages from the X11 overlay that pull their sources straight from git: they’d previously been fetched by portage as root, so the files on the system were owned by root and they couldn’t be updated by the new non-root pull. I fixed that by just deleting the files that were already there and letting them be pulled fresh with the right permissions, and everything worked.
It’s nice to see that, outside some bleeding-edge developer stuff that you can’t even get to without a good knowledge of the OS, this security feature just works. Hopefully it can be enabled by default soon.
Tags: gentoo portage security