author | Bertrand Marc <beberking@gmail.com> | 2012-05-05 18:06:34 +0200 |
---|---|---|
committer | Bertrand Marc <beberking@gmail.com> | 2012-05-05 18:06:34 +0200 |
commit | 2d3dbb8e5768198b839c8337dab439d29e89d883 (patch) | |
tree | 46def5e25e3d95a5693aacfa353e2e7fa59a74d8 | |
parent | 6d4016b054fbef01fecc0b5d6ae23c5e82dfb7ae (diff) |
Use dpkg-statoverride to set and remove setuid permissions.
-rw-r--r-- | debian/gnunet-server.postinst | 28 | ||||
-rw-r--r-- | debian/gnunet-server.postrm | 14 |
2 files changed, 33 insertions, 9 deletions
diff --git a/debian/gnunet-server.postinst b/debian/gnunet-server.postinst
index 1ecb27a..5ae5660 100644
--- a/debian/gnunet-server.postinst
+++ b/debian/gnunet-server.postinst
@@ -60,16 +60,26 @@ case "${1}" in
 # Secure access to the data directory
 chmod 0700 "${SERVICEHOME}" || true
 # Restrict access on setuid binaries
- chgrp ${_GROUPNAME} /usr/bin/gnunet-helper-exit \
- /usr/bin/gnunet-helper-nat* /usr/bin/gnunet-helper-transport-wlan \
+ for i in /usr/bin/gnunet-helper-exit \
+ /usr/bin/gnunet-helper-nat-client \
+ /usr/bin/gnunet-helper-nat-server \
+ /usr/bin/gnunet-helper-transport-wlan \
 /usr/bin/gnunet-helper-vpn
- chmod 4754 /usr/bin/gnunet-helper-exit \
- /usr/bin/gnunet-helper-nat* /usr/bin/gnunet-helper-transport-wlan \
- /usr/bin/gnunet-helper-vpn
- chgrp ${GNUNETDNS_GROUP} /usr/bin/gnunet-helper-dns
- chmod 4754 /usr/bin/gnunet-helper-dns
- chown ${_USERNAME}:${GNUNETDNS_GROUP} /usr/bin/gnunet-service-dns
- chmod 2754 /usr/bin/gnunet-service-dns
+ do
+ # only do something when no setting exists
+ if ! dpkg-statoverride --list $i >/dev/null 2>&1
+ then
+ dpkg-statoverride --update --add root ${_GROUPNAME} 4754 $i
+ fi
+ done
+ if ! dpkg-statoverride --list /usr/bin/gnunet-helper-dns >/dev/null 2>&1
+ then
+ dpkg-statoverride --update --add root ${GNUNETDNS_GROUP} 4754 /usr/bin/gnunet-helper-dns
+ fi
+ if ! dpkg-statoverride --list /usr/bin/gnunet-service-dns >/dev/null 2>&1
+ then
+ dpkg-statoverride --update --add ${_USERNAME} ${GNUNETDNS_GROUP} 2754 /usr/bin/gnunet-service-dns
+ fi
 echo " done."
 # Writing new values to configuration file
diff --git a/debian/gnunet-server.postrm b/debian/gnunet-server.postrm
index 038a6a7..554ea0c 100644
--- a/debian/gnunet-server.postrm
+++ b/debian/gnunet-server.postrm
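Review bot: The new guards in debian/gnunet-server.postinst pass `$i`, `${_GROUPNAME}`, `${GNUNETDNS_GROUP}` and `${_USERNAME}` unquoted, and `dpkg-statoverride --list` interprets its argument as a glob pattern, so the shell should not get a chance to expand it first; write `if ! dpkg-statoverride --list "$i" >/dev/null 2>&1` and `dpkg-statoverride --update --add root "${_GROUPNAME}" 4754 "$i"`, and quote the same way in the two dns blocks. The comment `# only do something when no setting exists` is worth extending, because the direct chmod/chgrp calls that used to reassert the modes are removed and an existing override is now kept even when it differs from 4754/2754: `# keep any existing override (local admin choice); 4754/2754 is only applied when none exists`. `--add` presumably fails when the named user or group is missing, and the accounts are created outside this hunk, so confirm they exist before this point. The enclosing `case` branch starts and ends outside the hunk.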
@@ -8,6 +8,20 @@ case "${1}" in
 _GROUPNAME="gnunet"
 GNUNETDNS_GROUP="gnunetdns"
+ for i in /usr/bin/gnunet-helper-exit \
+ /usr/bin/gnunet-helper-nat-client \
+ /usr/bin/gnunet-helper-nat-server \
+ /usr/bin/gnunet-helper-transport-wlan \
+ /usr/bin/gnunet-helper-vpn \
+ /usr/bin/gnunet-helper-dns \
+ /usr/bin/gnunet-service-dns
+ do
+ if dpkg-statoverride --list $i >/dev/null 2>&1
+ then
+ dpkg-statoverride --remove $i
+ fi
+ done
+
 if [ -x /usr/sbin/deluser ]
 then
 deluser --quiet --system ${_USERNAME} |
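Review bot: The removal loop and the account deletion below it have to stay paired, and nothing in the hunk says so. dpkg has historically aborted when its statoverride database names a user or group that no longer exists, so an entry left behind after `deluser` or a group deletion can break later package operations. Inside the hunk the order is right (overrides are removed before `deluser` runs), but the `case` branch starts outside the hunk, so confirm that no other path in this postrm deletes `gnunet` or `gnunetdns` without running the loop first. A comment above the loop would record the dependency: `# remove overrides before deleting the user/groups they reference`. Quoting the loop variable, `dpkg-statoverride --list "$i"` and `dpkg-statoverride --remove "$i"`, also stops the shell from expanding the argument before the tool sees it.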