From owner-freebsd-arch  Wed Apr 24 18:56:23 2002
Delivered-To: freebsd-arch@freebsd.org
Received: from numeri.campus.luth.se (numeri.campus.luth.se [130.240.197.103])
	by hub.freebsd.org (Postfix) with ESMTP
	id 95CCE37B417; Wed, 24 Apr 2002 18:55:56 -0700 (PDT)
Received: (from k@localhost)
	by numeri.campus.luth.se (8.11.6/8.11.6) id g3P1rrS74076;
	Thu, 25 Apr 2002 03:53:53 +0200 (CEST)
	(envelope-from k)
Date: Thu, 25 Apr 2002 03:53:53 +0200
From: Johan Karlsson <k@numeri.campus.luth.se>
To: freebsd-arch@freebsd.org
Subject: NOSUID and NOSUID_prog make knobs
Message-ID: <20020425035353.A73613@numeri.campus.luth.se>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="fUYQa+Pmc3FrFX/N"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-arch.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-arch>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-arch>
X-Loop: FreeBSD.ORG


--fUYQa+Pmc3FrFX/N
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

[bcc -security since the discussion started there ]

Hi all,

recently a discussion about removing the setuid bit popup again
http://docs.FreeBSD.org/cgi/getmsg.cgi?fetch=166393+0+current/freebsd-security

Jason noted that it had been discussed before and also that 
introducing a make knob to disable installation of
various programs with the setuid bit turned on had been proposed.

I have started to implement this and would like to know
what you think of the concept.

Attached is an untested diff for some suid/sgid programs.

Basicly it protects the BINMODE assignment in the Makefile with
.if !defined(NOSUID) && !defined(NOSUID_prog)

I have also made changes to make.conf.5 and examples/etc/make.conf
to reflect the new knobs.

Please have a look at the attached diff and let me know what you think.

If there is interest and some commiter would consider to commit 
something along those lines I'm willing to make a diff for most 
of the suid/sgid programs we have in the tree.

/Johan K
-- 
Johan Karlsson		mailto:k@numeri.campus.luth.se

--fUYQa+Pmc3FrFX/N
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="NOSUID.diff"

? usr.sbin/sa
? usr.sbin/rpc.statd
? usr.sbin/rpc.umntall
? usr.sbin/rpc.yppasswdd
? usr.sbin/rpc.ypupdated
? usr.sbin/rpc.ypxfrd
? usr.sbin/rpcbind
? usr.sbin/rrenumd
? usr.sbin/rtadvd
? usr.sbin/rtprio
? usr.sbin/rtsold
? usr.sbin/rwhod
? usr.sbin/sendmail
? usr.sbin/setextattr
? usr.sbin/setkey
? usr.sbin/sgsc
? usr.sbin/sicontrol
? usr.sbin/sliplogin
? usr.sbin/slstat
? usr.sbin/spkrtest
? usr.sbin/spray
? usr.sbin/stallion
Index: share/examples/etc/make.conf
===================================================================
RCS file: /home/ncvs/src/share/examples/etc/make.conf,v
retrieving revision 1.186
diff -u -r1.186 make.conf
--- share/examples/etc/make.conf	2002/04/23 23:59:51	1.186
+++ share/examples/etc/make.conf	2002/04/25 01:29:12
@@ -88,6 +88,22 @@
 # To enable installing ssh(1) with the setuid bit turned on
 #ENABLE_SUID_SSH=	true
 #
+# To avoid installing various parts with the setuid/setgid bit turned on
+#
+#NOSUID=	true	# no setuid bit for any of the below
+#NOSUID_AT=	true	# no setuid bit for at
+#NOSUID_CHPASS=	true	# no setuid bit for chpass
+#NOSUID_K5SU=	true	# no setuid bit for k5su
+#NOSUID_PING=	true	# no setuid bit for ping
+#NOSUID_PING6=	true	# no setuid bit for ping6
+#NOSUID_PPP=	true	# no setuid bit for ppp
+#NOSUID_RCP=	true	# no setuid bit for rcp
+#NOSUID_SHUTDOWN=	true	# no setuid bit for shutdown
+#
+#NOSGID=	true	# no setgid bit for any of the below
+#NOSGID_DM=	true	# no setgid bit for dm
+#NOSGID_PS=	true	# no setgid bit for ps
+
 # To avoid building various parts of the base system:
 #NO_CVS=	true	# do not build CVS
 #NO_CXX=	true	# do not build C++ and friends
Index: share/man/man5/make.conf.5
===================================================================
RCS file: /home/ncvs/src/share/man/man5/make.conf.5,v
retrieving revision 1.43
diff -u -r1.43 make.conf.5
--- share/man/man5/make.conf.5	2002/04/23 23:59:51	1.43
+++ share/man/man5/make.conf.5	2002/04/25 01:29:16
@@ -480,11 +480,39 @@
 set to not build crypto code in
 .Pa secure
 subdir.
+.It Va NOSGID
+.Pq Vt bool
+Set to disable the installation of all of the following
+as sgid programs.
+.It Va NOSGID_DM
+.Pq Vt bool
+Set to disable the installation of 
+.Xr dm 8
+as a sgid program.
 .It Va NOSHARE
 .Pq Vt bool
 Set to not build in the
 .Pa share
 subdir.
+.It Va NOSGID
+.Pq Vt bool
+Set to disable the installation of all of the following
+as suid programs.
+.It Va NOSUID_AT
+.Pq Vt bool
+Set to disable the installation of
+.Xr at 1
+as a suid program.
+.It Va NOSUID_CHPASS
+.Pq Vt bool
+Set to disable the installation of
+.Xr chpass 1
+as a suid program.
+.It Va NOSUID_PPP
+.Pq Vt bool
+Set to disable the installation of
+.Xr ppp 8
+as a suid program.
 .It Va NOUUCP
 .Pq Vt bool
 Set to not build
@@ -496,11 +524,6 @@
 .Xr perl 1
 with thread
 support.
-.It Va PPP_NOSUID
-.Pq Vt bool
-Set to disable the installation of
-.Xr ppp 8
-as an suid root program.
 .It Va SENDMAIL_MC
 .Pq Vt str
 The default m4 configuration file to use at install time.
Index: bin/ps/Makefile
===================================================================
RCS file: /home/ncvs/src/bin/ps/Makefile,v
retrieving revision 1.19
diff -u -r1.19 Makefile
--- bin/ps/Makefile	2002/02/04 03:06:50	1.19
+++ bin/ps/Makefile	2002/04/25 01:29:36
@@ -14,7 +14,9 @@
 WFORMAT=0
 DPADD=	${LIBM} ${LIBKVM}
 LDADD=	-lm -lkvm
+.if !defined(NOSGID) && !defined(NOSGID_PS)
 #BINGRP=	kmem
 #BINMODE=2555
+.endif
 
 .include <bsd.prog.mk>
Index: bin/rcp/Makefile
===================================================================
RCS file: /home/ncvs/src/bin/rcp/Makefile,v
retrieving revision 1.20
diff -u -r1.20 Makefile
--- bin/rcp/Makefile	2002/04/18 07:01:34	1.20
+++ bin/rcp/Makefile	2002/04/25 01:29:36
@@ -21,8 +21,10 @@
 .PATH:	${.CURDIR}/../../crypto/kerberosIV/appl/bsd
 .endif
 
+.if !defined(NOSUID) && !defined(NOSUID_RCP)
 BINOWN=	root
 BINMODE=4555
 INSTALLFLAGS=-fschg
+.endif
 
 .include <bsd.prog.mk>
Index: sbin/ping/Makefile
===================================================================
RCS file: /home/ncvs/src/sbin/ping/Makefile,v
retrieving revision 1.17
diff -u -r1.17 Makefile
--- sbin/ping/Makefile	2001/12/04 02:19:55	1.17
+++ sbin/ping/Makefile	2002/04/25 01:29:48
@@ -3,8 +3,10 @@
 
 PROG=	ping
 MAN=	ping.8
+.if !defined(NOSUID) && !defined(NOSUID_PING)
 BINOWN=	root
 BINMODE=4555
+.endif
 .if ${MACHINE_ARCH} == "alpha"
 CFLAGS+=-fno-builtin	# GCC's builtin memcpy doesn't do unaligned copies
 .endif
Index: sbin/ping6/Makefile
===================================================================
RCS file: /home/ncvs/src/sbin/ping6/Makefile,v
retrieving revision 1.9
diff -u -r1.9 Makefile
--- sbin/ping6/Makefile	2002/03/01 09:49:48	1.9
+++ sbin/ping6/Makefile	2002/04/25 01:29:48
@@ -6,8 +6,10 @@
 CFLAGS+=-DINET6 -DIPSEC
 WARNS=	0
 
+.if !defined(NOSUID) && !defined(NOSUID_PING6)
 BINOWN=	root
 BINMODE=4555
+.endif
 
 LDADD=	-lipsec -lm -lmd
 DPADD= ${LIBIPSEC} ${LIBM} ${LIBMD}
Index: usr.bin/at/Makefile
===================================================================
RCS file: /home/ncvs/src/usr.bin/at/Makefile,v
retrieving revision 1.15
diff -u -r1.15 Makefile
--- usr.bin/at/Makefile	2002/02/08 22:31:35	1.15
+++ usr.bin/at/Makefile	2002/04/25 01:29:49
@@ -11,8 +11,10 @@
 	at.1 atq.1 \
 	at.1 atrm.1
 
+.if !defined(NUSUID) && !defined(NOSUID_AT)
 BINOWN=	root
 BINMODE= 4555
+.endif
 CLEANFILES+= at.1
 
 at.1: at.man
Index: usr.bin/chpass/Makefile
===================================================================
RCS file: /home/ncvs/src/usr.bin/chpass/Makefile,v
retrieving revision 1.25
diff -u -r1.25 Makefile
--- usr.bin/chpass/Makefile	2002/03/24 10:21:22	1.25
+++ usr.bin/chpass/Makefile	2002/04/25 01:29:51
@@ -6,8 +6,10 @@
 	table.c util.c ypxfr_misc.c ${GENSRCS}
 GENSRCS=yp.h yp_clnt.c yppasswd.h yppasswd_clnt.c yppasswd_private.h \
 	yppasswd_private_clnt.c yppasswd_private_xdr.c
+.if !defined(NOSUID) && !defined(NOSUID_CHPASS)
 BINOWN=	root
 BINMODE=4555
+.endif
 .PATH:	${.CURDIR}/../../usr.sbin/pwd_mkdb ${.CURDIR}/../../usr.sbin/vipw \
 	${.CURDIR}/../../libexec/ypxfr \
 	${.CURDIR}/../../usr.sbin/rpc.yppasswdd \
Index: usr.sbin/ppp/Makefile
===================================================================
RCS file: /home/ncvs/src/usr.sbin/ppp/Makefile,v
retrieving revision 1.94
diff -u -r1.94 Makefile
--- usr.sbin/ppp/Makefile	2002/03/30 17:57:51	1.94
+++ usr.sbin/ppp/Makefile	2002/04/25 01:30:37
@@ -19,11 +19,11 @@
 NOSUID=		true
 .endif
 
-.if defined(NOSUID) || defined(PPP_NOSUID)
-BINMODE=554
-.else
+.if !defined(NOSUID) && !defined(NOSUID_PPP) && !defined(PPP_NOSUID)
 BINMODE=4554
 BINOWN=	root
+.else
+BINMODE=554
 .endif
 BINGRP=	network
 M4FLAGS=

--fUYQa+Pmc3FrFX/N--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message