On second thought, maybe the rest of the world's software isn't as

well-audited as NetBSD's /usr/bin/su. Change the default SETUID_ROOT_PERMS to 4511 to raise the bar slightly on finding vulnerabilities in setuid-root binaries.
2007-06-15 22:04:33 +00:00 · 2007-06-15 22:04:33 +00:00 · c616c5fb10
commit c616c5fb10
parent 6294b0e317
1 changed files with 2 additions and 2 deletions
--- a/mk/pkginstall/bsd.pkginstall.mk
+++ b/mk/pkginstall/bsd.pkginstall.mk
@ -1,4 +1,4 @@
-# $NetBSD: bsd.pkginstall.mk,v 1.24 2007/06/15 14:46:02 jlam Exp $
+# $NetBSD: bsd.pkginstall.mk,v 1.25 2007/06/15 22:04:33 jlam Exp $
 #
 # This Makefile fragment is included by bsd.pkg.mk and implements the
 # common INSTALL/DEINSTALL scripts framework.  To use the pkginstall
@ -315,7 +315,7 @@ su-create-usergroup: ${_INSTALL_USERGROUP_UNPACKER}
 # Keywords: setuid setgid st_mode perms
 #
 SPECIAL_PERMS?=		# empty
-SETUID_ROOT_PERMS?=	${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 4555
+SETUID_ROOT_PERMS?=	${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 4511

 _INSTALL_PERMS_FILE=		${_PKGINSTALL_DIR}/perms
 _INSTALL_PERMS_DATAFILE=	${_PKGINSTALL_DIR}/perms-data