opendoas

A portable version of the OpenBSD `doas` command
git clone https://pi.duncano.de/git/opendoas.git
Log | Files | Refs | README | LICENSE

commit 0c99b3ad0c8dda90c1cb1c230aeb46d7a78c5141
parent 4272fe4a9344245a61a55fb8d4091f459c235dcc
Author: Nathan Holstein <nathan.holstein@gmail.com>
Date:   Sun,  2 Aug 2015 14:53:48 -0400

Restrict read permissions of doas binary.

This mimics the permissions of sudo from Mac OSX.

Additionally, some gymnastics are performed to set the permissions and
owners of the binary before copying it to BINDIR.

Diffstat:
Makefile | 12+++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile @@ -1,4 +1,6 @@ # $OpenBSD: Makefile,v 1.9 2014/01/13 01:41:00 tedu Exp $ +# +# Copyright 2015 Nathan Holstein SRCS= parse.y doas.c @@ -7,7 +9,7 @@ MAN= doas.1 doas.conf.5 BINOWN= root BINGRP= wheel -BINMODE=4555 +BINMODE=4511 COPTS+= -Wall -Wextra -Werror -pedantic -std=c11 CFLAGS+= -I${CURDIR} -I${CURDIR}/libopenbsd ${COPTS} @@ -29,10 +31,13 @@ OBJS:=${OBJS:.c=.o} ${PROG}: ${OBJS} libopenbsd.a ${CC} ${CFLAGS} ${LDFLAGS} $^ -o $@ -${BINDIR}/${PROG}: ${PROG} +.%.chmod: % cp $< $@ - chown ${BINOWN}:${BINGRP} $@ chmod ${BINMODE} $@ + chown ${BINOWN}:${BINGRP} $@ + +${BINDIR}/${PROG}: .${PROG}.chmod + mv $< $@ install: ${BINDIR}/${PROG} @@ -43,3 +48,4 @@ clean: rm -f ${PROG} .PHONY: default clean install +.INTERMEDIATE: .${PROG}.chmod