From owner-cvs-all Fri Aug 11 14: 7:44 2000 Delivered-To: cvs-all@freebsd.org Received: from sivka.rdy.com (sivka.rdy.com [207.33.166.86]) by hub.freebsd.org (Postfix) with ESMTP id D429237BA46; Fri, 11 Aug 2000 14:07:34 -0700 (PDT) (envelope-from dima@sivka.rdy.com) Received: (from dima@localhost) by sivka.rdy.com (8.9.3/8.9.3) id OAA19283; Fri, 11 Aug 2000 14:06:26 -0700 (PDT) (envelope-from dima) Message-Id: <200008112106.OAA19283@sivka.rdy.com> Subject: Re: cvs commit: src/gnu/usr.bin/perl Makefile In-Reply-To: <200008112103.OAA92489@netplex.com.au> "from Peter Wemm at Aug 11, 2000 02:03:09 pm" To: Peter Wemm Date: Fri, 11 Aug 2000 14:06:26 -0700 (PDT) Cc: Warner Losh , Christopher Masto , "Chris D. Faulhaber" , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Organization: HackerDome Reply-To: dima@rdy.com From: dima@rdy.com (Dima Ruban) X-Mailer: ELM [version 2.4ME+ PL77 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Peter Wemm writes: > Warner Losh wrote: > > In message <200008111913.MAA91892@netplex.com.au> Peter Wemm writes: > > : > Side note: is there a way to create a port that builds part of the > > : > /usr/src tree in a different than default way? > > : > > > : > Warner > > : > > : Not easily. I would prefer that we built and instaled it, but made it mode > > : 444 (unexecutable) or something and let the user chmod 6111 later if they > > : want it. It is a lot easier to activate a binary than find or build it. > > > > OK. Any preference between mode 444 and mode 0? Since it is hard to > > make a port to do this, I think that you may be right. > > Actually.. How does this sound: Sounds nice, but you'll need to handle it in make world, since the next make world will nuke it again with shell script. But the idea is nice. > cat /usr/bin/suidperl > #! /bin/sh > echo "suidperl is not installed by default. blah blah danger etc. try:" > echo "cp /usr/bin/suidperl.real /usr/bin/suidperl" > echo "chmod 6111 /usr/bin/suidperl" > exit 1 > > and install suidperl as /usr/bin/suidperl.real with mode 444. Only install > the suidperl wrapper into /usr/bin if it is not already there. That > stops POLA by preventing blowing away a real /usr/bin/suidperl. > > If ENABLE_SUIDPERL is active, then unconditionally install suidperl in > /usr/bin/suidperl with the correct modes. > > > > Warner > > > > Cheers, > -Peter > -- > Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au > "All of this is for nothing if we don't go to the stars" - JMS/B5 > > -- dima To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message