aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNathan Holstein <nathan.holstein@gmail.com>2015-08-02 14:53:48 -0400
committerNathan Holstein <nathan.holstein@gmail.com>2015-08-05 08:57:10 -0400
commit0c99b3ad0c8dda90c1cb1c230aeb46d7a78c5141 (patch)
tree162afb5fc31099be128aae67cfbf3119ffe4f3b4
parent4272fe4a9344245a61a55fb8d4091f459c235dcc (diff)
downloadopendoas-0c99b3ad0c8dda90c1cb1c230aeb46d7a78c5141.tar.gz
Restrict read permissions of doas binary.
This mimics the permissions of sudo from Mac OSX. Additionally, some gymnastics are performed to set the permissions and owners of the binary before copying it to BINDIR.
-rw-r--r--Makefile12
1 files changed, 9 insertions, 3 deletions
diff --git a/Makefile b/Makefile
index 167d8dd..7ccacea 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,6 @@
# $OpenBSD: Makefile,v 1.9 2014/01/13 01:41:00 tedu Exp $
+#
+# Copyright 2015 Nathan Holstein
SRCS= parse.y doas.c
@@ -7,7 +9,7 @@ MAN= doas.1 doas.conf.5
BINOWN= root
BINGRP= wheel
-BINMODE=4555
+BINMODE=4511
COPTS+= -Wall -Wextra -Werror -pedantic -std=c11
CFLAGS+= -I${CURDIR} -I${CURDIR}/libopenbsd ${COPTS}
@@ -29,10 +31,13 @@ OBJS:=${OBJS:.c=.o}
${PROG}: ${OBJS} libopenbsd.a
${CC} ${CFLAGS} ${LDFLAGS} $^ -o $@
-${BINDIR}/${PROG}: ${PROG}
+.%.chmod: %
cp $< $@
- chown ${BINOWN}:${BINGRP} $@
chmod ${BINMODE} $@
+ chown ${BINOWN}:${BINGRP} $@
+
+${BINDIR}/${PROG}: .${PROG}.chmod
+ mv $< $@
install: ${BINDIR}/${PROG}
@@ -43,3 +48,4 @@ clean:
rm -f ${PROG}
.PHONY: default clean install
+.INTERMEDIATE: .${PROG}.chmod