On second thought, maybe the rest of the world's software isn't as

well-audited as NetBSD's /usr/bin/su. Change the default SETUID_ROOT_PERMS to 4511 to raise the bar slightly on finding vulnerabilities in setuid-root binaries.
author: jlam <jlam@pkgsrc.org> 2007-06-15 22:04:33 +0000
committer: jlam <jlam@pkgsrc.org> 2007-06-15 22:04:33 +0000
commit: c616c5fb105fbe19c8bdc8f1315a2f5aaf55f22a (patch)
tree: d2b5d102ed3575e8b1498fd1cc747fe090901690 /mk
parent: 6294b0e3174c1ee1af46d6ac61c74aee6730c5c1 (diff)
download: pkgsrc-c616c5fb105fbe19c8bdc8f1315a2f5aaf55f22a.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/mk/pkginstall/bsd.pkginstall.mk b/mk/pkginstall/bsd.pkginstall.mk
index cac8fd23a06..026bbaa625e 100644
--- a/mk/pkginstall/bsd.pkginstall.mk
+++ b/mk/pkginstall/bsd.pkginstall.mk
@@ -1,4 +1,4 @@
-# $NetBSD: bsd.pkginstall.mk,v 1.24 2007/06/15 14:46:02 jlam Exp $
+# $NetBSD: bsd.pkginstall.mk,v 1.25 2007/06/15 22:04:33 jlam Exp $
 #
 # This Makefile fragment is included by bsd.pkg.mk and implements the
 # common INSTALL/DEINSTALL scripts framework.  To use the pkginstall
@@ -315,7 +315,7 @@ su-create-usergroup: ${_INSTALL_USERGROUP_UNPACKER}
 # Keywords: setuid setgid st_mode perms
 #
 SPECIAL_PERMS?=		# empty
-SETUID_ROOT_PERMS?=	${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 4555
+SETUID_ROOT_PERMS?=	${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 4511
 
 _INSTALL_PERMS_FILE=		${_PKGINSTALL_DIR}/perms
 _INSTALL_PERMS_DATAFILE=	${_PKGINSTALL_DIR}/perms-data
author	jlam <jlam@pkgsrc.org>	2007-06-15 22:04:33 +0000
committer	jlam <jlam@pkgsrc.org>	2007-06-15 22:04:33 +0000
commit	c616c5fb105fbe19c8bdc8f1315a2f5aaf55f22a (patch)
tree	d2b5d102ed3575e8b1498fd1cc747fe090901690 /mk
parent	6294b0e3174c1ee1af46d6ac61c74aee6730c5c1 (diff)
download	pkgsrc-c616c5fb105fbe19c8bdc8f1315a2f5aaf55f22a.tar.gz