summaryrefslogtreecommitdiff
path: root/mk
diff options
context:
space:
mode:
authorjlam <jlam@pkgsrc.org>2007-06-15 22:04:33 +0000
committerjlam <jlam@pkgsrc.org>2007-06-15 22:04:33 +0000
commitc616c5fb105fbe19c8bdc8f1315a2f5aaf55f22a (patch)
treed2b5d102ed3575e8b1498fd1cc747fe090901690 /mk
parent6294b0e3174c1ee1af46d6ac61c74aee6730c5c1 (diff)
downloadpkgsrc-c616c5fb105fbe19c8bdc8f1315a2f5aaf55f22a.tar.gz
On second thought, maybe the rest of the world's software isn't as
well-audited as NetBSD's /usr/bin/su. Change the default SETUID_ROOT_PERMS to 4511 to raise the bar slightly on finding vulnerabilities in setuid-root binaries.
Diffstat (limited to 'mk')
-rw-r--r--mk/pkginstall/bsd.pkginstall.mk4
1 files changed, 2 insertions, 2 deletions
diff --git a/mk/pkginstall/bsd.pkginstall.mk b/mk/pkginstall/bsd.pkginstall.mk
index cac8fd23a06..026bbaa625e 100644
--- a/mk/pkginstall/bsd.pkginstall.mk
+++ b/mk/pkginstall/bsd.pkginstall.mk
@@ -1,4 +1,4 @@
-# $NetBSD: bsd.pkginstall.mk,v 1.24 2007/06/15 14:46:02 jlam Exp $
+# $NetBSD: bsd.pkginstall.mk,v 1.25 2007/06/15 22:04:33 jlam Exp $
#
# This Makefile fragment is included by bsd.pkg.mk and implements the
# common INSTALL/DEINSTALL scripts framework. To use the pkginstall
@@ -315,7 +315,7 @@ su-create-usergroup: ${_INSTALL_USERGROUP_UNPACKER}
# Keywords: setuid setgid st_mode perms
#
SPECIAL_PERMS?= # empty
-SETUID_ROOT_PERMS?= ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 4555
+SETUID_ROOT_PERMS?= ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 4511
_INSTALL_PERMS_FILE= ${_PKGINSTALL_DIR}/perms
_INSTALL_PERMS_DATAFILE= ${_PKGINSTALL_DIR}/perms-data