Secure Developments

minimum permissions and privilegdges

I like security… which means I should be able to run portage as portage (user) and have the umask be 077, or perhaps 027. Unfortunately the last time I checked portage could handle these restrictive permissions (I forget if it was these exactly) except for one set… java. In a perfect ebuild world all ebuilds would be able to be installed under a very restrictive umask.

Should regen2 ever come to fruition this should be fixed.


Share

comments powered by Disqus