Disable /usr/bin/ssh being setuid root by default. Let the variable
ENABLE_SUID_SSH being defined reenable it for those that want it. This follows discussion favoring the change from September. It is not usually necessary to be setuid root, possibly less safe, and less convenient (cannot use $HOSTALIASES, for example). Submitted by: jedgar
This commit is contained in:
parent
03e72be8c8
commit
087815f8bc
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=68705
@ -57,6 +57,9 @@ BDECFLAGS= -W -Wall -ansi -pedantic -Wbad-function-cast -Wcast-align \
|
||||
# To build ppp with normal permissions
|
||||
#PPP_NOSUID= true
|
||||
#
|
||||
# To enable installing ssh(1) with the setuid bit turned on
|
||||
#ENABLE_SUID_SSH= true
|
||||
#
|
||||
# To avoid building various parts of the base system:
|
||||
#NO_CVS= true # do not build CVS
|
||||
#NO_BIND= true # do not build BIND
|
||||
|
@ -5,7 +5,9 @@ SSHSRC= ${.CURDIR}/../../../crypto/openssh
|
||||
|
||||
PROG= ssh
|
||||
BINOWN= root
|
||||
.if defined(ENABLE_SUID_SSH)
|
||||
BINMODE=4555
|
||||
.endif
|
||||
MAN1= ssh.1
|
||||
LINKS= ${BINDIR}/ssh ${BINDIR}/slogin
|
||||
MLINKS= ssh.1 slogin.1
|
||||
|
@ -57,6 +57,9 @@ BDECFLAGS= -W -Wall -ansi -pedantic -Wbad-function-cast -Wcast-align \
|
||||
# To build ppp with normal permissions
|
||||
#PPP_NOSUID= true
|
||||
#
|
||||
# To enable installing ssh(1) with the setuid bit turned on
|
||||
#ENABLE_SUID_SSH= true
|
||||
#
|
||||
# To avoid building various parts of the base system:
|
||||
#NO_CVS= true # do not build CVS
|
||||
#NO_BIND= true # do not build BIND
|
||||
|
Loading…
Reference in New Issue
Block a user