Subject: Re: CVS commit: basesrc
To: None <cjs@netbsd.org>
From: Simon Burge <simonb@wasabisystems.com>
List: source-changes
Date: 10/18/2000 10:05:48
Curt Sampson wrote:
>
> Module Name: basesrc
> Committed By: cjs
> Date: Tue Oct 17 15:58:18 UTC 2000
>
> Modified Files:
>
> basesrc/usr.bin/ssh/ssh: Makefile
>
> Log Message:
>
> Do not install /usr/bin/ssh suid, as this can cause various security problems.
Just a nit or two (not all aimed at you!):
+ The default BINMODE is 555, so we don't need to say that.
+ We don't need BINOWN if we're not specifying BINMODE
+ WTF is "INSTALLFLAGS=-fschg"? There's no mention of this at all
in /usr/share/man/bsd.README. Judging by a similar lines in
other Makefile's it seems to be a 4.4-lite thing, and seems to
be a rather half-hearted security feel-good attempt...
Simon.
--
Simon Burge <simonb@wasabisystems.com>
NetBSD Sales, Support and Service: http://www.wasabisystems.com/