]> git.ipfire.org Git - people/stevee/pakfire.git/commitdiff
projects / people / stevee / pakfire.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a5149a2)
FHS: Allow some setuid binaries
authorMichael Tremer <michael.tremer@ipfire.org>
Sat, 18 Mar 2023 14:47:18 +0000 (14:47 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Sat, 18 Mar 2023 14:47:18 +0000 (14:47 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/libpakfire/fhs.c patch | blob | blame | history

diff --git a/src/libpakfire/fhs.c b/src/libpakfire/fhs.c
index 6daf8258b601f68f596e56c15278da68988ad4d1..ebd8f7974c56198be9f37f237adbb5f70ebdd93a 100644 (file)
--- a/src/libpakfire/fhs.c
+++ b/src/libpakfire/fhs.c
@@ -61,6 +61,11 @@ static const struct pakfire_fhs_check {
        { "/usr/bin/*",           S_IFDIR,    0,   NULL,   NULL, PAKFIRE_FHS_MUSTNOTEXIST },
        { "/usr/sbin/*",          S_IFDIR,    0,   NULL,   NULL, PAKFIRE_FHS_MUSTNOTEXIST },
 
+       // Permitted setuid binaries
+       { "/usr/bin/passwd",      S_IFREG, 4755, "root", "root", 0 },
+       { "/usr/bin/su",          S_IFREG, 4755, "root", "root", 0 },
+       { "/usr/bin/sudo",        S_IFREG, 4755, "root", "root", 0 },
+
        // Any files in /usr/{,s}bin must be owned by root and have 0755
        { "/usr/bin/*",           S_IFREG, 0755, "root", "root", 0 },
        { "/usr/sbin/*",          S_IFREG, 0755, "root", "root", 0 },
Stefan's tree of pakfire.