From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat, 18 Mar 2023 14:47:18 +0000 (+0000)
Subject: FHS: Allow some setuid binaries
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=033373b3a99a6e023a5a3a4261b81d884052258c;p=people%2Fstevee%2Fpakfire.git

FHS: Allow some setuid binaries

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/libpakfire/fhs.c b/src/libpakfire/fhs.c
index 6daf8258..ebd8f797 100644
--- a/src/libpakfire/fhs.c
+++ b/src/libpakfire/fhs.c
@@ -61,6 +61,11 @@ static const struct pakfire_fhs_check {
 	{ "/usr/bin/*",           S_IFDIR,    0,   NULL,   NULL, PAKFIRE_FHS_MUSTNOTEXIST },
 	{ "/usr/sbin/*",          S_IFDIR,    0,   NULL,   NULL, PAKFIRE_FHS_MUSTNOTEXIST },
 
+	// Permitted setuid binaries
+	{ "/usr/bin/passwd",      S_IFREG, 4755, "root", "root", 0 },
+	{ "/usr/bin/su",          S_IFREG, 4755, "root", "root", 0 },
+	{ "/usr/bin/sudo",        S_IFREG, 4755, "root", "root", 0 },
+
 	// Any files in /usr/{,s}bin must be owned by root and have 0755
 	{ "/usr/bin/*",           S_IFREG, 0755, "root", "root", 0 },
 	{ "/usr/sbin/*",          S_IFREG, 0755, "root", "root", 0 },