diff options
| author | jlam <jlam@pkgsrc.org> | 2007-06-15 22:04:33 +0000 |
|---|---|---|
| committer | jlam <jlam@pkgsrc.org> | 2007-06-15 22:04:33 +0000 |
| commit | c616c5fb105fbe19c8bdc8f1315a2f5aaf55f22a (patch) | |
| tree | d2b5d102ed3575e8b1498fd1cc747fe090901690 /mk/pkginstall | |
| parent | 6294b0e3174c1ee1af46d6ac61c74aee6730c5c1 (diff) | |
| download | pkgsrc-c616c5fb105fbe19c8bdc8f1315a2f5aaf55f22a.tar.gz | |
On second thought, maybe the rest of the world's software isn't as
well-audited as NetBSD's /usr/bin/su. Change the default
SETUID_ROOT_PERMS to 4511 to raise the bar slightly on finding
vulnerabilities in setuid-root binaries.
Diffstat (limited to 'mk/pkginstall')
| -rw-r--r-- | mk/pkginstall/bsd.pkginstall.mk | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/mk/pkginstall/bsd.pkginstall.mk b/mk/pkginstall/bsd.pkginstall.mk index cac8fd23a06..026bbaa625e 100644 --- a/mk/pkginstall/bsd.pkginstall.mk +++ b/mk/pkginstall/bsd.pkginstall.mk @@ -1,4 +1,4 @@ -# $NetBSD: bsd.pkginstall.mk,v 1.24 2007/06/15 14:46:02 jlam Exp $ +# $NetBSD: bsd.pkginstall.mk,v 1.25 2007/06/15 22:04:33 jlam Exp $ # # This Makefile fragment is included by bsd.pkg.mk and implements the # common INSTALL/DEINSTALL scripts framework. To use the pkginstall @@ -315,7 +315,7 @@ su-create-usergroup: ${_INSTALL_USERGROUP_UNPACKER} # Keywords: setuid setgid st_mode perms # SPECIAL_PERMS?= # empty -SETUID_ROOT_PERMS?= ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 4555 +SETUID_ROOT_PERMS?= ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 4511 _INSTALL_PERMS_FILE= ${_PKGINSTALL_DIR}/perms _INSTALL_PERMS_DATAFILE= ${_PKGINSTALL_DIR}/perms-data |