emulators/hercules4sdl: limit access to suid program hercifc.

It's installed accessible to the new group "hercules":
-r-s--x---  1 root  hercules  9512 Dec 19 21:25 /usr/pkg/bin/hercifc

2 files changed, 8 insertions, 2 deletions

diff --git a/emulators/hercules4sdl/DESCR b/emulators/hercules4sdl/DESCR
index c9b3c425cab..50db0f5f557 100644
--- a/emulators/hercules4sdl/DESCR
+++ b/emulators/hercules4sdl/DESCR
@@ -13,3 +13,6 @@ Relevant mailing lists include https://groups.io/g/h390-vm and
 https://hercules-390.groups.io/g/group.
 
 This version is developed by SoftDevLabs.
+
+The hercifc program, which is only used when configuring network devices,
+is installed suid root, only accessible by group "hercules".
diff --git a/emulators/hercules4sdl/Makefile b/emulators/hercules4sdl/Makefile
index 53bfa37c3bc..f18b5c02937 100644
--- a/emulators/hercules4sdl/Makefile
+++ b/emulators/hercules4sdl/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.5 2021/12/19 19:08:19 rhialto Exp $
+# $NetBSD: Makefile,v 1.6 2021/12/19 21:26:27 rhialto Exp $
 
 PKGNAME=	hercules4sdl-4.4
+PKGREVISION=	1
 DISTNAME=	hyperion-Release_${PKGVERSION_NOREV}
 CATEGORIES=	emulators
 MASTER_SITES=	${MASTER_SITE_GITHUB:=SDL-Hercules-390/}
@@ -33,8 +34,10 @@ SUBST_SED.prefix=	-e 's,/usr/local,${PREFIX},g'
 
 CONFIGURE_ARGS+=	--enable-extpkgs=${PREFIX}/lib/hercules4sdl
 
+GROUP=			hercules
+PKG_GROUPS+=		${GROUP}
+SPECIAL_PERMS+=		${PREFIX}/bin/hercifc ${REAL_ROOT_USER} ${GROUP} 4510
 INSTALLATION_DIRS+=	share/examples/hercules
-SPECIAL_PERMS+=		${PREFIX}/bin/hercifc ${SETUID_ROOT_PERMS}
 
 pre-configure:
 	cd ${WRKSRC} && ./autogen.sh