From c616c5fb105fbe19c8bdc8f1315a2f5aaf55f22a Mon Sep 17 00:00:00 2001 From: jlam Date: Fri, 15 Jun 2007 22:04:33 +0000 Subject: [PATCH] On second thought, maybe the rest of the world's software isn't as well-audited as NetBSD's /usr/bin/su. Change the default SETUID_ROOT_PERMS to 4511 to raise the bar slightly on finding vulnerabilities in setuid-root binaries. --- mk/pkginstall/bsd.pkginstall.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mk/pkginstall/bsd.pkginstall.mk b/mk/pkginstall/bsd.pkginstall.mk index cac8fd23a066..026bbaa625e8 100644 --- a/mk/pkginstall/bsd.pkginstall.mk +++ b/mk/pkginstall/bsd.pkginstall.mk @@ -1,4 +1,4 @@ -# $NetBSD: bsd.pkginstall.mk,v 1.24 2007/06/15 14:46:02 jlam Exp $ +# $NetBSD: bsd.pkginstall.mk,v 1.25 2007/06/15 22:04:33 jlam Exp $ # # This Makefile fragment is included by bsd.pkg.mk and implements the # common INSTALL/DEINSTALL scripts framework. To use the pkginstall @@ -315,7 +315,7 @@ su-create-usergroup: ${_INSTALL_USERGROUP_UNPACKER} # Keywords: setuid setgid st_mode perms # SPECIAL_PERMS?= # empty -SETUID_ROOT_PERMS?= ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 4555 +SETUID_ROOT_PERMS?= ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 4511 _INSTALL_PERMS_FILE= ${_PKGINSTALL_DIR}/perms _INSTALL_PERMS_DATAFILE= ${_PKGINSTALL_DIR}/perms-data