From: Nathan Holstein <nathan.holstein@gmail.com>
Date: Sun, 2 Aug 2015 18:53:48 +0000 (-0400)
Subject: Restrict read permissions of doas binary.
X-Git-Tag: v0.1~39
X-Git-Url: https://git.armaanb.net/?p=opendoas.git;a=commitdiff_plain;h=0c99b3ad0c8dda90c1cb1c230aeb46d7a78c5141

Restrict read permissions of doas binary.

This mimics the permissions of sudo from Mac OSX.

Additionally, some gymnastics are performed to set the permissions and
owners of the binary before copying it to BINDIR.
---

diff --git a/Makefile b/Makefile
index 167d8dd..7ccacea 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,6 @@
 #	$OpenBSD: Makefile,v 1.9 2014/01/13 01:41:00 tedu Exp $
+#
+# Copyright 2015 Nathan Holstein
 
 SRCS=	parse.y doas.c
 
@@ -7,7 +9,7 @@ MAN=	doas.1 doas.conf.5
 
 BINOWN= root
 BINGRP= wheel
-BINMODE=4555
+BINMODE=4511
 
 COPTS+= -Wall -Wextra -Werror -pedantic -std=c11
 CFLAGS+= -I${CURDIR} -I${CURDIR}/libopenbsd ${COPTS}
@@ -29,10 +31,13 @@ OBJS:=${OBJS:.c=.o}
 ${PROG}: ${OBJS} libopenbsd.a
 	${CC} ${CFLAGS} ${LDFLAGS} $^ -o $@
 
-${BINDIR}/${PROG}: ${PROG}
+.%.chmod: %
 	cp $< $@
-	chown ${BINOWN}:${BINGRP} $@
 	chmod ${BINMODE} $@
+	chown ${BINOWN}:${BINGRP} $@
+
+${BINDIR}/${PROG}: .${PROG}.chmod
+	mv $< $@
 
 install: ${BINDIR}/${PROG}
 
@@ -43,3 +48,4 @@ clean:
 	rm -f ${PROG}
 
 .PHONY: default clean install
+.INTERMEDIATE: .${PROG}.chmod