From ea079e4650aa744003da874f2ea55b9e1fda6de5 Mon Sep 17 00:00:00 2001
From: Matthew Dillon <dillon@FreeBSD.org>
Date: Sun, 9 Sep 2001 04:54:10 +0000
Subject: [PATCH] Make sure that all non-root-owned binaries in standard system
 paths are chflaged 'schg' to prevent exploit vectors when run by cron, by a
 root user, or by a user other then the one owning the binary.  This applies
 to most of the uucp binaries, cu, tip, and man (man was already installed
 properly).

MFC will occur when approved.
---
 gnu/libexec/uucp/cu/Makefile     | 1 +
 gnu/libexec/uucp/uucp/Makefile   | 1 +
 gnu/libexec/uucp/uuname/Makefile | 2 +-
 gnu/libexec/uucp/uustat/Makefile | 1 +
 gnu/libexec/uucp/uux/Makefile    | 1 +
 usr.bin/tip/tip/Makefile         | 1 +
 6 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/gnu/libexec/uucp/cu/Makefile b/gnu/libexec/uucp/cu/Makefile
index 612546df99ef..faad03b39e07 100644
--- a/gnu/libexec/uucp/cu/Makefile
+++ b/gnu/libexec/uucp/cu/Makefile
@@ -12,6 +12,7 @@ LDADD+=		$(LIBUNIX) $(LIBUUCONF) $(LIBUUCP)
 DPADD+=		$(LIBUNIX) $(LIBUUCONF) $(LIBUUCP)
 CFLAGS+=	-I$(.CURDIR)/../common_sources\
 		-DVERSION=\"$(VERSION)\"
+INSTALLFLAGS+= -fschg
 
 .include <bsd.prog.mk>
 .PATH: $(.CURDIR)/../common_sources
diff --git a/gnu/libexec/uucp/uucp/Makefile b/gnu/libexec/uucp/uucp/Makefile
index 0219fff63a43..2f91d8298f9c 100644
--- a/gnu/libexec/uucp/uucp/Makefile
+++ b/gnu/libexec/uucp/uucp/Makefile
@@ -11,6 +11,7 @@ LDADD+=		$(LIBUNIX) $(LIBUUCONF) $(LIBUUCP)
 DPADD+=		$(LIBUNIX) $(LIBUUCONF) $(LIBUUCP)
 CFLAGS+=	-I$(.CURDIR)/../common_sources\
 		-DVERSION=\"$(VERSION)\"
+INSTALLFLAGS+= -fschg
 
 .include <bsd.prog.mk>
 .PATH: $(.CURDIR)/../common_sources
diff --git a/gnu/libexec/uucp/uuname/Makefile b/gnu/libexec/uucp/uuname/Makefile
index f5e6dd92cc85..743a3b5eb9a7 100644
--- a/gnu/libexec/uucp/uuname/Makefile
+++ b/gnu/libexec/uucp/uuname/Makefile
@@ -11,7 +11,7 @@ LDADD+=		$(LIBUNIX) $(LIBUUCONF) $(LIBUUCP)
 DPADD+=		$(LIBUNIX) $(LIBUUCONF) $(LIBUUCP)
 CFLAGS+=	-I$(.CURDIR)/../common_sources\
 		-DVERSION=\"$(VERSION)\"
-
+INSTALLFLAGS+= -fschg
 
 .include <bsd.prog.mk>
 .PATH: $(.CURDIR)/../common_sources
diff --git a/gnu/libexec/uucp/uustat/Makefile b/gnu/libexec/uucp/uustat/Makefile
index be839ca11116..5743180863b8 100644
--- a/gnu/libexec/uucp/uustat/Makefile
+++ b/gnu/libexec/uucp/uustat/Makefile
@@ -13,6 +13,7 @@ DPADD+=		$(LIBUNIX) $(LIBUUCONF) $(LIBUUCP)
 CFLAGS+=	-I$(.CURDIR)/../common_sources\
 		-DOWNER=\"$(owner)\"\
 		-DVERSION=\"$(VERSION)\"
+INSTALLFLAGS+= -fschg
 
 .include <bsd.prog.mk>
 .PATH: $(.CURDIR)/../common_sources
diff --git a/gnu/libexec/uucp/uux/Makefile b/gnu/libexec/uucp/uux/Makefile
index 60593523392c..9194c1ea44bd 100644
--- a/gnu/libexec/uucp/uux/Makefile
+++ b/gnu/libexec/uucp/uux/Makefile
@@ -11,6 +11,7 @@ LDADD+=		$(LIBUNIX) $(LIBUUCONF) $(LIBUUCP)
 DPADD+=		$(LIBUNIX) $(LIBUUCONF) $(LIBUUCP)
 CFLAGS+=	-I$(.CURDIR)/../common_sources\
 		-DVERSION=\"$(VERSION)\"
+INSTALLFLAGS+= -fschg
 
 .include <bsd.prog.mk>
 .PATH: $(.CURDIR)/../common_sources
diff --git a/usr.bin/tip/tip/Makefile b/usr.bin/tip/tip/Makefile
index fd208d77e62d..982f3dc55ad2 100644
--- a/usr.bin/tip/tip/Makefile
+++ b/usr.bin/tip/tip/Makefile
@@ -21,6 +21,7 @@ LINKS=	${BINDIR}/tip
 MAN=	tip.1 modems.5
 SRCS=	acu.c acutab.c cmds.c cmdtab.c cu.c hunt.c log.c partab.c \
 	remote.c tip.c tipout.c value.c vars.c
+INSTALLFLAGS+= -fschg
 
 BINDIR?=	/usr/bin
 BINOWN=		uucp