Permissions for shared libraries in Kerberos
kaduk at mit.edu
Sat Nov 28 22:50:36 EST 2020
On Fri, Nov 27, 2020 at 11:09:10PM -0800, Cy Schubert wrote:
> In message <20201126190626.GD34187 at kduck.mit.edu>, Benjamin Kaduk writes:
> > They end up shared on FreeBSD (via packaging) as well, though I'm not the
> > package maintainer for that one and didn't fully track down exactly where
> > that happens. (The default INSTALL_LIB specifies a file mode to use, but
> > it was not entirely clear to me that we actually honor INSTALL_LIB just
> > from a `git grep`.)
> Packaging of krb5 on FreeBSD uses the defaults in ports, that being 0644.
> The only override within the four krb5 ports is for ksu because packaging
> strips the setuid bit and therefore must be set (again) in the packaging
> plist file. In other words the FreeBSD krb5 packages are vanilla krb5. If
> they are changed to 0755 I'll probably adjust the SHAREMODE to 0644 in the
> packaging plist file, simply to avoid a ticket.
Oops, my shell history points out that I only looked at the x bit on the
libkrb5.so symlink and not the actual libraries themselves.
Sorry for the confusing/wrong statement (but on the plus side, I am less
confused about how it got that way, now!).
More information about the krbdev