Change the default setuid-root permissions from 4711 to 4555. This
strips off the write bit for root and gets rid of the unnecessary lack of read permissions for "group" and "other". Inspired by /usr/bin/su on NetBSD.
This commit is contained in:
parent
94d65f602d
commit
ac27702398
1 changed files with 2 additions and 2 deletions
|
@ -1,4 +1,4 @@
|
||||||
# $NetBSD: bsd.pkginstall.mk,v 1.23 2007/06/15 14:14:36 jlam Exp $
|
# $NetBSD: bsd.pkginstall.mk,v 1.24 2007/06/15 14:46:02 jlam Exp $
|
||||||
#
|
#
|
||||||
# This Makefile fragment is included by bsd.pkg.mk and implements the
|
# This Makefile fragment is included by bsd.pkg.mk and implements the
|
||||||
# common INSTALL/DEINSTALL scripts framework. To use the pkginstall
|
# common INSTALL/DEINSTALL scripts framework. To use the pkginstall
|
||||||
|
@ -315,7 +315,7 @@ su-create-usergroup: ${_INSTALL_USERGROUP_UNPACKER}
|
||||||
# Keywords: setuid setgid st_mode perms
|
# Keywords: setuid setgid st_mode perms
|
||||||
#
|
#
|
||||||
SPECIAL_PERMS?= # empty
|
SPECIAL_PERMS?= # empty
|
||||||
SETUID_ROOT_PERMS?= ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 4711
|
SETUID_ROOT_PERMS?= ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 4555
|
||||||
|
|
||||||
_INSTALL_PERMS_FILE= ${_PKGINSTALL_DIR}/perms
|
_INSTALL_PERMS_FILE= ${_PKGINSTALL_DIR}/perms
|
||||||
_INSTALL_PERMS_DATAFILE= ${_PKGINSTALL_DIR}/perms-data
|
_INSTALL_PERMS_DATAFILE= ${_PKGINSTALL_DIR}/perms-data
|
||||||
|
|
Loading…
Reference in a new issue