diff options
author | Richard Ipsum <richardipsum@fastmail.co.uk> | 2017-06-22 19:02:53 +0100 |
---|---|---|
committer | Richard Ipsum <richardipsum@fastmail.co.uk> | 2017-07-08 23:43:45 +0100 |
commit | 8d8b213c4c91efa388560037b40b19d8c2b59549 (patch) | |
tree | e8b720506c583e5c50dd88b995900f635fe5045e | |
parent | 63ee18cee0fa87cbac11f7688d460200ac61cdb8 (diff) | |
download | supple-8d8b213c4c91efa388560037b40b19d8c2b59549.tar.gz |
setuid only if root
Running the sandbox without setuid is less secure, but it will still work,
it is not possible for nix to make binaries setuid when being used as a
pkg manager outside of NixOS, i.e. on Debian.
-rw-r--r-- | Makefile | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -59,8 +59,10 @@ install: build mkdir -p $(CINST_ROOT)/supple mkdir -p $(BINST_ROOT) cp wrapper $(DESTDIR)$(WRAPPER_PATH) - chown root:root $(DESTDIR)$(WRAPPER_PATH) - chmod u+s $(DESTDIR)$(WRAPPER_PATH) + if [ "$$(whoami)" = "root" ]; then \ + chown root:root $(DESTDIR)$(WRAPPER_PATH); \ + chmod u+s $(DESTDIR)$(WRAPPER_PATH); \ + fi for MOD in $(sort $(LMOD_FILES)); do \ $(COPY_LMOD) lib/$${MOD} > $(LINST_ROOT)/$${MOD}; \ done |