From 95ba43303b1bc5628f4976d79ca33bc5b2b52613 Mon Sep 17 00:00:00 2001 From: Jacques Vidrine Date: Sun, 12 May 2002 03:17:31 +0000 Subject: [PATCH] Turn on the set-user-ID bit for k5su if ENABLE_SUID_K5SU is defined. --- UPDATING | 6 ++++++ kerberos5/usr.bin/k5su/Makefile | 4 +++- kerberos5/usr.bin/ksu/Makefile | 4 +++- share/examples/etc/make.conf | 5 +++++ share/man/man5/make.conf.5 | 4 ++++ 5 files changed, 21 insertions(+), 2 deletions(-) diff --git a/UPDATING b/UPDATING index d1ed360534a..241d0e44363 100644 --- a/UPDATING +++ b/UPDATING @@ -22,6 +22,12 @@ NOTE TO PEOPLE WHO THINK THAT 5.0-CURRENT IS SLOW: integrity. Re-enabling write caching can substantially improve performance. +20020511: + The k5su utility installed as part of Kerberos 5 is no longer + installed with the set-user-ID bit set by default. Add + ENABLE_SUID_K5SU=yes to /etc/make.conf to have it installed + with the set-user-ID bit set. + 20020510: Due to the way CVS works, it may not properly update src/contrib/gcc to the 3.1 sources. The easiest fix is to `rm -rf' src/contrib/gcc diff --git a/kerberos5/usr.bin/k5su/Makefile b/kerberos5/usr.bin/k5su/Makefile index e510dff77fb..bb29a52b90e 100644 --- a/kerberos5/usr.bin/k5su/Makefile +++ b/kerberos5/usr.bin/k5su/Makefile @@ -22,7 +22,9 @@ LDADD= -L${KRB5OBJDIR} -lkrb5 \ -L${ASN1OBJDIR} -lasn1 -lcrypto -lmd -lcrypt -lcom_err DPADD= ${LIBKRB5} ${LIBKAFS5} ${LIBROKEN} ${_krb4deps} \ ${LIBASN1} ${LIBCRYPTO} ${LIBMD} ${LIBCRYPT} ${LIBCOM_ERR} -#BINMODE=4555 +.if defined(ENABLE_SUID_K5SU) +BINMODE=4555 +.endif INSTALLFLAGS=-fschg .include diff --git a/kerberos5/usr.bin/ksu/Makefile b/kerberos5/usr.bin/ksu/Makefile index e510dff77fb..bb29a52b90e 100644 --- a/kerberos5/usr.bin/ksu/Makefile +++ b/kerberos5/usr.bin/ksu/Makefile @@ -22,7 +22,9 @@ LDADD= -L${KRB5OBJDIR} -lkrb5 \ -L${ASN1OBJDIR} -lasn1 -lcrypto -lmd -lcrypt -lcom_err DPADD= ${LIBKRB5} ${LIBKAFS5} ${LIBROKEN} ${_krb4deps} \ ${LIBASN1} ${LIBCRYPTO} ${LIBMD} ${LIBCRYPT} ${LIBCOM_ERR} -#BINMODE=4555 +.if defined(ENABLE_SUID_K5SU) +BINMODE=4555 +.endif INSTALLFLAGS=-fschg .include diff --git a/share/examples/etc/make.conf b/share/examples/etc/make.conf index a5139249e03..22e9a129f04 100644 --- a/share/examples/etc/make.conf +++ b/share/examples/etc/make.conf @@ -213,6 +213,11 @@ # #MAKE_KERBEROS5= yes # +# Kerberos 5 su (k5su) +# If you want to use the k5su utility, define this to have it installed +# set-user-ID. +#ENABLE_SUID_K5SU= yes +# # # Kerberos5 # If you want to install MIT Kerberos5 port somewhere other than /usr/local, diff --git a/share/man/man5/make.conf.5 b/share/man/man5/make.conf.5 index 21793f20410..1b4b97932dc 100644 --- a/share/man/man5/make.conf.5 +++ b/share/man/man5/make.conf.5 @@ -353,6 +353,10 @@ Set this to build Kerberos5 (KTH Heimdal). This is still experimental code. If you need stable Kerberos5, use the port(s). +.It Va ENABLE_SUID_K5SU +.Pq Vt bool +Set this if you wish to use the k5su utility. Otherwise, it will be +installed without the set-user-ID bit set. .It Va MODULES_WITH_WORLD .Pq Vt bool Set to build modules with the system instead of the kernel.