Date: Thu, 25 Apr 2002 00:32:08 -0700 From: "Crist J. Clark" <cjc@FreeBSD.ORG> To: Johan Karlsson <k@numeri.campus.luth.se> Cc: freebsd-arch@FreeBSD.ORG Subject: Re: NOSUID and NOSUID_prog make knobs Message-ID: <20020425003208.D30779@blossom.cjclark.org> In-Reply-To: <20020425035353.A73613@numeri.campus.luth.se>; from k@numeri.campus.luth.se on Thu, Apr 25, 2002 at 03:53:53AM %2B0200 References: <20020425035353.A73613@numeri.campus.luth.se>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Apr 25, 2002 at 03:53:53AM +0200, Johan Karlsson wrote:
[snip]
Ick.
> Index: share/examples/etc/make.conf
> ===================================================================
> RCS file: /home/ncvs/src/share/examples/etc/make.conf,v
> retrieving revision 1.186
> diff -u -r1.186 make.conf
> --- share/examples/etc/make.conf 2002/04/23 23:59:51 1.186
> +++ share/examples/etc/make.conf 2002/04/25 01:29:12
> @@ -88,6 +88,22 @@
> # To enable installing ssh(1) with the setuid bit turned on
> #ENABLE_SUID_SSH= true
> #
> +# To avoid installing various parts with the setuid/setgid bit turned on
> +#
> +#NOSUID= true # no setuid bit for any of the below
> +#NOSUID_AT= true # no setuid bit for at
> +#NOSUID_CHPASS= true # no setuid bit for chpass
> +#NOSUID_K5SU= true # no setuid bit for k5su
> +#NOSUID_PING= true # no setuid bit for ping
> +#NOSUID_PING6= true # no setuid bit for ping6
> +#NOSUID_PPP= true # no setuid bit for ppp
> +#NOSUID_RCP= true # no setuid bit for rcp
> +#NOSUID_SHUTDOWN= true # no setuid bit for shutdown
> +#
> +#NOSGID= true # no setgid bit for any of the below
> +#NOSGID_DM= true # no setgid bit for dm
> +#NOSGID_PS= true # no setgid bit for ps
ps(1) isn't setgid.
[snip]
> Index: bin/rcp/Makefile
> ===================================================================
> RCS file: /home/ncvs/src/bin/rcp/Makefile,v
> retrieving revision 1.20
> diff -u -r1.20 Makefile
> --- bin/rcp/Makefile 2002/04/18 07:01:34 1.20
> +++ bin/rcp/Makefile 2002/04/25 01:29:36
> @@ -21,8 +21,10 @@
> .PATH: ${.CURDIR}/../../crypto/kerberosIV/appl/bsd
> .endif
>
> +.if !defined(NOSUID) && !defined(NOSUID_RCP)
> BINOWN= root
> BINMODE=4555
> INSTALLFLAGS=-fschg
> +.endif
>
> .include <bsd.prog.mk>
This is a very painful, and difficult to maintain, way to do it. It
would be much better if it could be done inside the bsd.*.mk files. I
also think only then does there even exist a slim chance someone would
commit this. There are way too many make.conf(5) knobs already. There
are plenty of ways to customize your own installations without having
to add all of your localizations to FreeBSD itself.
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020425003208.D30779>