[PATCH] Re: install parameters

From: Stephen Smalley <sds_at_tislabs.com>
Date: Fri, 28 Sep 2001 15:14:44 -0400 (EDT)

On Fri, 28 Sep 2001, Russell Coker wrote:

> Is there any reason why selinux/module/Makefile runs "install" without using
> the "-m" parameter to specify the permissions?
>
> I think that installing /usr/local/selinux/flask/* mode 755 is a bad idea,
> executing them could lead to unexpected results (yes I know that people
> should be smart enough to not execute them, but it's easy for us to get the
> permissions right).

The attached patch adds the appropriate -m options to the selinux Makefiles. To apply, save this patch to Makefile.patch, change to the selinux directory, and run 'patch -p1 < Makefile.patch'. 

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com






Index: selinux/libsecure/include/Makefile
diff -u selinux/libsecure/include/Makefile:1.1.1.1 selinux/libsecure/include/Makefile:1.2
--- selinux/libsecure/include/Makefile:1.1.1.1	Fri Jun  1 11:51:40 2001
+++ selinux/libsecure/include/Makefile	Fri Sep 28 15:04:23 2001
@@ -2,4 +2,4 @@
 
 install:
 	mkdir -p $(INCDIR)
-	install $(wildcard *.h) /usr/local/selinux/include
+	install -m 644 $(wildcard *.h) /usr/local/selinux/include
Index: selinux/libsecure/src/Makefile
diff -u selinux/libsecure/src/Makefile:1.2 selinux/libsecure/src/Makefile:1.3
--- selinux/libsecure/src/Makefile:1.2	Mon Jun  4 12:11:33 2001
+++ selinux/libsecure/src/Makefile	Fri Sep 28 15:04:23 2001
@@ -14,7 +14,7 @@
 
 install:
 	mkdir -p $(LIBDIR)
-	install $(TARGET) $(LIBDIR)
+	install -m 644 $(TARGET) $(LIBDIR)
 
 clean : 
 	rm -f *.o $(TARGET)
Index: selinux/libsecure/test/Makefile
diff -u selinux/libsecure/test/Makefile:1.2 selinux/libsecure/test/Makefile:1.3
--- selinux/libsecure/test/Makefile:1.2	Mon Jun  4 12:11:33 2001
+++ selinux/libsecure/test/Makefile	Fri Sep 28 15:04:23 2001
@@ -11,4 +11,4 @@
 
 install: 
 	mkdir -p $(BINDIR)
-	install $(TARGETS) $(BINDIR)
+	install -m 755 $(TARGETS) $(BINDIR)
Index: selinux/module/Makefile
diff -u selinux/module/Makefile:1.10 selinux/module/Makefile:1.11
--- selinux/module/Makefile:1.10	Wed Sep 19 11:30:38 2001
+++ selinux/module/Makefile	Fri Sep 28 15:04:23 2001
@@ -33,11 +33,11 @@
 	mkdir -p $(INCDIR)/asm-$(ARCH)/flask
 	mkdir -p $(BINDIR)
 	( cd $(INCDIR); ln -sf asm-$(ARCH) asm)
-	cd selinux_plug/flask; install access_vectors security_classes initial_sids $(FLASKDIR)
-	cd selinux_plug/include/linux/flask; install *.h $(INCDIR)/linux/flask
-	cd selinux_plug/include/asm/flask; install *.h $(INCDIR)/asm/flask
-	cd ../../lsm/include/asm; install unistd.h $(INCDIR)/asm
-	cd selinux_plug/ss; install checkpolicy $(BINDIR)
+	cd selinux_plug/flask; install -m 644 access_vectors security_classes initial_sids $(FLASKDIR)
+	cd selinux_plug/include/linux/flask; install -m 644 *.h $(INCDIR)/linux/flask
+	cd selinux_plug/include/asm/flask; install -m 644 *.h $(INCDIR)/asm/flask
+	cd ../../lsm/include/asm; install -m 644 unistd.h $(INCDIR)/asm
+	cd selinux_plug/ss; install -m 755 checkpolicy $(BINDIR)
 
 clean:
 	find selinux_plug \( -name Makefile -o -name *.o -o -name checkpolicy -o -name '.*.flags' \) -type f -exec rm -f {} \;

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
Received on Fri 28 Sep 2001 - 15:35:02 EDT

This archive was generated by hypermail 2.2.0 on Wed 11 Jun 2008 - 08:10:26 EDT