aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJacques Vidrine <nectar@FreeBSD.org>2002-05-15 13:04:00 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2002-05-15 13:04:00 +0000
commit37351407bb44aaed356ef256fd146d616a834220 (patch)
treef0420fd7151051f550481485ac99f7349e937726
parent4c47d1e627677966d036aecc7182b341098a4d76 (diff)
downloadsrc-37351407bb44aaed356ef256fd146d616a834220.tar.gz
src-37351407bb44aaed356ef256fd146d616a834220.zip
MFC 1.206 src/UPDATING
1.6 src/kerberos5/usr.bin/k5su/Makefile 1.187 src/share/examples/etc/make.conf (etc/defaults/make.conf) 1.44 src/share/man/man5/make.conf.5 Turn on the set-user-ID bit for k5su if ENABLE_SUID_K5SU is defined.
Notes
Notes: svn path=/releng/4.4/; revision=96659
-rw-r--r--UPDATING6
-rw-r--r--etc/defaults/make.conf5
-rw-r--r--kerberos5/usr.bin/k5su/Makefile2
-rw-r--r--share/man/man5/make.conf.54
4 files changed, 17 insertions, 0 deletions
diff --git a/UPDATING b/UPDATING
index 61c0cef40f5b..86c08174bb9e 100644
--- a/UPDATING
+++ b/UPDATING
@@ -18,6 +18,12 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20020515:
+ The k5su utility installed as part of Kerberos 5 is no longer
+ Installed with the set-user-ID bit set by default. Add
+ ENABLE_SUID_K5SU=yes to /etc/make.conf to have it installed
+ with the set-user-ID bit set.
+
20020421: p11 FreeBSD-SA-02:23.stdio
When exec'ing set[ug]id executables, the kernel now ensures that the
stdio file descriptors (0..2) are open.
diff --git a/etc/defaults/make.conf b/etc/defaults/make.conf
index a061b0863d71..25f3b0c550c3 100644
--- a/etc/defaults/make.conf
+++ b/etc/defaults/make.conf
@@ -317,6 +317,11 @@ BDECFLAGS= -W -Wall -ansi -pedantic -Wbad-function-cast -Wcast-align \
#
#MAKE_KERBEROS5= yes
#
+# Kerberos 5 su (k5su)
+# If you want to use the k5su utility, define this to have it installed
+# set-user-ID.
+#ENABLE_SUID_K5SU= yes
+#
#
# Kerberos5
# If you want to install MIT Kerberos5 port somewhere other than /usr/local,
diff --git a/kerberos5/usr.bin/k5su/Makefile b/kerberos5/usr.bin/k5su/Makefile
index 7e8c24c7d5c9..83747756d335 100644
--- a/kerberos5/usr.bin/k5su/Makefile
+++ b/kerberos5/usr.bin/k5su/Makefile
@@ -23,7 +23,9 @@ LDADD= -L${KRB5OBJDIR} -lkrb5 \
-L${ASN1OBJDIR} -lasn1 -lcrypto -lmd -lcrypt -lcom_err
DPADD= ${LIBKRB5} ${LIBKAFS5} ${LIBROKEN} ${_krb4deps} \
${LIBASN1} ${LIBCRYPTO} ${LIBMD} ${LIBCRYPT} ${LIBCOM_ERR}
+.if defined(ENABLE_SUID_K5SU)
BINMODE=4555
+.endif
INSTALLFLAGS=-fschg
.include <bsd.prog.mk>
diff --git a/share/man/man5/make.conf.5 b/share/man/man5/make.conf.5
index cbf5d6ff418e..c4c4799a7164 100644
--- a/share/man/man5/make.conf.5
+++ b/share/man/man5/make.conf.5
@@ -347,6 +347,10 @@ Set this to build Kerberos5 (KTH Heimdal).
This is still experimental code.
If you need stable Kerberos5, use the
port(s).
+.It Va ENABLE_SUID_K5SU
+.Pq Vt bool
+Set this if you wish to use the k5su utility. Otherwise, it will be
+installed without the set-user-ID bit set.
.It Va MODULES_WITH_WORLD
.Pq Vt bool
Set to build modules with the system instead of the kernel.