From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat, 15 Oct 2011 09:13:52 +0000 (+0200)
Subject: util-linux: Remove SUID bit from mount and umount.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=daf779d6266278b7d4ffeda9d99e4ad0d696fe72;p=ipfire-3.x.git

util-linux: Remove SUID bit from mount and umount.

We can use capabilities here, which brings us some
security advantages.
---

diff --git a/util-linux/util-linux.nm b/util-linux/util-linux.nm
index 681de6467..4247cabca 100644
--- a/util-linux/util-linux.nm
+++ b/util-linux/util-linux.nm
@@ -6,7 +6,7 @@
 name       = util-linux
 version    = 2.19
 major_ver  = 2.19
-release    = 5
+release    = 6
 
 groups     = System/Base
 url        = http://kernel.org/~kzak/util-linux/
@@ -85,6 +85,12 @@ build
 		# Create /etc/mtab symlink
 		mkdir -pv %{BUILDROOT}/etc
 		ln -svf /proc/mounts %{BUILDROOT}/etc/mtab
+
+		# Set capabilities
+		chmod -v -s %{BUILDROOT}/bin/mount
+		setcap CAP_DAC_OVERRIDE,CAP_SYS_ADMIN=ep %{BUILDROOT}/bin/mount
+		chmod -v -s %{BUILDROOT}/bin/umount
+		setcap CAP_DAC_OVERRIDE,CAP_SYS_ADMIN=ep %{BUILDROOT}/bin/umount
 	end
 end