diff options
| author | Kris Kennaway <kris@FreeBSD.org> | 2000-06-26 05:07:20 +0000 |
|---|---|---|
| committer | Kris Kennaway <kris@FreeBSD.org> | 2000-06-26 05:07:20 +0000 |
| commit | d7a11bded5e75d6e49a6dfe29646af30ef3180d2 (patch) | |
| tree | 40183e01b2e4d2fc88ea1025b4fd429e20f3bc3f | |
| parent | Upgrade to 2.0pl1. This fixes the recent security issue posted to bugtraq. (diff) | |
Remove setuid news privileges on inews by recommendation of inn maintainers
Correct typo from 1.33 which made rnews setuid news, not setgid uucp which it actually
required to implement the intended change.
Submitted by: Russ Allbery <rra@STANFORD.EDU> (first change) via Bugtraq
| -rw-r--r-- | news/inn-stable/Makefile | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/news/inn-stable/Makefile b/news/inn-stable/Makefile index 58c84772cdc6..91746f9ede25 100644 --- a/news/inn-stable/Makefile +++ b/news/inn-stable/Makefile @@ -121,7 +121,10 @@ post-install: ${MKDIR} -p ${NEWSLIB}/${dir} touch ${NEWSLIB}/${dir}/.keep_me .endfor + # drop privs on inews because it is insecure + ${CHMOD} 555 ${NEWSLIB}/bin/inews # make rnews work when getting news via uucp ! - ${CHMOD} 4555 ${NEWSLIB}/bin/rnews + ${CHMOD} 2555 ${NEWSLIB}/bin/rnews + .include <bsd.port.mk> |