author | Mantas Mikulėnas | 2022-02-24 07:30:26 +0200 |
---|---|---|
committer | Mantas Mikulėnas | 2022-02-24 07:30:26 +0200 |
commit | ae44dadfac3eb400462a4de87e84a7f6b31d0dda (patch) | |
tree | 401674cbc63c2ca941e817371633faed2e06a85a | |
parent | 488bddf5300bc8520789fc2f4d2419d181ce2aed (diff) | |
download | aur-ae44dadfac3eb400462a4de87e84a7f6b31d0dda.tar.gz |
further restrictions on setuid tools
-rw-r--r-- | .SRCINFO | 2 | ||||
-rw-r--r-- | PKGBUILD | 12 |
2 files changed, 10 insertions, 4 deletions
@@ -1,7 +1,7 @@
 pkgbase = open-plc-utils
 pkgdesc = Qualcomm Atheros Open Powerline Toolkit for HomePlug AV
 pkgver = r524.gbb50f635
- pkgrel = 3
+ pkgrel = 4
 url = https://github.com/qca/open-plc-utils
 arch = i686
 arch = x86_64
@@ -1,7 +1,7 @@
 # Maintainer: Mantas Mikulėnas <grawity@gmail.com>
 pkgname=open-plc-utils
 pkgver=r524.gbb50f635
-pkgrel=3
+pkgrel=4
 pkgdesc="Qualcomm Atheros Open Powerline Toolkit for HomePlug AV"
 arch=(i686 x86_64)
 url=https://github.com/qca/open-plc-utils
@@ -30,8 +30,14 @@ package() {
 mkdir -p "$pkgdir"/usr/share/doc/$pkgname
 cp -av docbook "$pkgdir"/usr/share/doc/$pkgname/docbook
- # Make the binaries look less scary in `ls`
- find "$pkgdir"/usr/bin -type f -perm /u+s,g+s \
+ # Restrict binaries that send or capture arbitrary frames
+ for f in "$pkgdir"/usr/bin/e[df]??; do
+ chmod -c u-s "$f"
+ done
+
+ # Make the remaining binaries look less scary in `ls`
+ # (I'm still on the fence about making all of them :wheel-only)
+ find "$pkgdir"/usr/bin -type f -perm /u+s \
 -exec chmod -c u-s {} \; \
 -exec setcap cap_net_raw=ep {} \;
 } |
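Review bot: The tools denied `cap_net_raw` are selected by the filename glob `"$pkgdir"/usr/bin/e[df]??` in the new `for` loop, so the packaging grants by default: any setuid binary that upstream installs under a name outside that four-character pattern falls through to the `find` below and ends up with `cap_net_raw=ep` for every user who can execute it. An allowlist is the safer shape here: strip setuid from everything with `find "$pkgdir"/usr/bin -type f -perm /u+s -exec chmod -c u-s {} +`, then run `setcap cap_net_raw=ep` only on tools named explicitly in the PKGBUILD. If the glob stays, a comment listing the binaries it is expected to match would let a later upstream bump be checked against it. `package()` starts above this hunk, so where the setuid bits come from is not visible here.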