I'd say most programs, but especially setuid programs, probably shouldn't be group-writable. Does this patch look good?
2009-01-04 Paul Jarc <[email protected]> * ping/Makefile.am, rcp/Makefile.am, rlogin/Makefile.am, rsh/Makefile.am, traceroute/Makefile.am: Don't install setuid programs as group-writable. paul
diff --git a/ping/Makefile.am b/ping/Makefile.am index 9db9509..a3dbc83 100644 --- a/ping/Makefile.am +++ b/ping/Makefile.am @@ -32,7 +32,7 @@ ping_SOURCES = ping.c ping_common.c ping_echo.c ping_address.c \ ping_router.c ping_timestamp.c ping_common.h ping_impl.h ping.h libping.c ping6_SOURCES = ping6.c ping_common.c ping_common.h ping6.h -SUIDMODE = -o root -m 4775 +SUIDMODE = -o root -m 4755 install-ping-hook: -...@for program in $(bin_PROGRAMS); do \ diff --git a/rcp/Makefile.am b/rcp/Makefile.am index 9ddec8b..701078d 100644 --- a/rcp/Makefile.am +++ b/rcp/Makefile.am @@ -36,7 +36,7 @@ LDADD = -L../libinetutils -linetutils -L../lib -lgnu \ EXTRA_DIST = $(man_MANS) -SUIDMODE = -o root -m 4775 +SUIDMODE = -o root -m 4755 install-rcp-hook: -...@$(INSTALL_PROGRAM) $(bin_PROGRAMS) $(SUIDMODE) $(AM_INSTALL_PROGRAM_FLAGS) $(DESTDIR)$(bindir)/`echo $(bin_PROGRAMS)|sed '$(transform)'` ; \ diff --git a/rlogin/Makefile.am b/rlogin/Makefile.am index 1222091..120f10c 100644 --- a/rlogin/Makefile.am +++ b/rlogin/Makefile.am @@ -29,7 +29,7 @@ LDADD = -L../libinetutils -linetutils -L../lib -lgnu $(LIBUTIL) @LIBCRYPT@ @LIBA EXTRA_DIST = $(man_MANS) -SUIDMODE = -o root -m 4775 +SUIDMODE = -o root -m 4755 install-rlogin-hook: -...@$(INSTALL_PROGRAM) $(bin_PROGRAMS) $(SUIDMODE) $(AM_INSTALL_PROGRAM_FLAGS) $(DESTDIR)$(bindir)/`echo $(bin_PROGRAMS)|sed '$(transform)'` ; \ diff --git a/rsh/Makefile.am b/rsh/Makefile.am index 50e37f1..5cd3fe2 100644 --- a/rsh/Makefile.am +++ b/rsh/Makefile.am @@ -34,7 +34,7 @@ LDADD = -L../libinetutils -linetutils -L../lib -lgnu \ EXTRA_DIST = $(man_MANS) -SUIDMODE = -o root -m 4775 +SUIDMODE = -o root -m 4755 install-rsh-hook: -...@$(INSTALL_PROGRAM) $(bin_PROGRAMS) $(SUIDMODE) $(AM_INSTALL_PROGRAM_FLAGS) $(DESTDIR)$(bindir)/`echo $(bin_PROGRAMS)|sed '$(transform)'` ; \ diff --git a/traceroute/Makefile.am b/traceroute/Makefile.am index db699dc..fd7b7a6 100644 --- a/traceroute/Makefile.am +++ b/traceroute/Makefile.am @@ -28,7 +28,7 @@ INCLUDES = -I$(top_srcdir)/lib -I../lib -I$(top_srcdir)/libicmp -I$(top_srcdir)/ LDADD = -L../libicmp -licmp -L../lib -lgnu -SUIDMODE = -o root -m 4775 +SUIDMODE = -o root -m 4755 install-traceroute-hook: -...@for program in $(bin_PROGRAMS); do \
