aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
diff options
context:
space:
mode:
authorKevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>2018-10-11 09:46:42 +0100
committerKevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>2018-10-30 09:25:32 +0000
commit3dba85254719215747e150301081477a47b38645 (patch)
tree9e6243bdf8bf514c6e6772aeb757195eb939220a /package/network
parent162e016fed96eeea410e305b7edaf7008cf6ab77 (diff)
downloadupstream-3dba85254719215747e150301081477a47b38645.tar.gz
upstream-3dba85254719215747e150301081477a47b38645.tar.bz2
upstream-3dba85254719215747e150301081477a47b38645.zip
dnsmasq: tighten config file permissions
Install following as config files (600) perms instead of as data (644) /usr/share/dnsmasq/dhcpbogushostname.conf /usr/share/dnsmasq/trust-anchors.conf /usr/share/dnsmasq/rfc6761.conf /etc/hotplug.d/ntp/25-dnsmasqsec /etc/config/dhcp /etc/dnsmasq.conf dnsmasq reads relevant config files before dropping root privilege and running as dnsmasq:dnsmasq ntpd runs as root so the hotplug script is still accessible Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Diffstat (limited to 'package/network')
-rw-r--r--package/network/services/dnsmasq/Makefile12
1 files changed, 6 insertions, 6 deletions
diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
index 5e76579e4b..59f5fb6158 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -156,18 +156,18 @@ define Package/dnsmasq/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/dnsmasq $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/etc/config
- $(INSTALL_DATA) ./files/dhcp.conf $(1)/etc/config/dhcp
- $(INSTALL_DATA) ./files/dnsmasq.conf $(1)/etc/dnsmasq.conf
+ $(INSTALL_CONF) ./files/dhcp.conf $(1)/etc/config/dhcp
+ $(INSTALL_CONF) ./files/dnsmasq.conf $(1)/etc/dnsmasq.conf
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/dnsmasq.init $(1)/etc/init.d/dnsmasq
$(INSTALL_DIR) $(1)/etc/hotplug.d/dhcp
$(INSTALL_DIR) $(1)/etc/hotplug.d/neigh
$(INSTALL_DIR) $(1)/etc/hotplug.d/ntp
$(INSTALL_DIR) $(1)/etc/hotplug.d/tftp
- $(INSTALL_DATA) ./files/dnsmasqsec.hotplug $(1)/etc/hotplug.d/ntp/25-dnsmasqsec
+ $(INSTALL_CONF) ./files/dnsmasqsec.hotplug $(1)/etc/hotplug.d/ntp/25-dnsmasqsec
$(INSTALL_DIR) $(1)/usr/share/dnsmasq
- $(INSTALL_DATA) ./files/dhcpbogushostname.conf $(1)/usr/share/dnsmasq/
- $(INSTALL_DATA) ./files/rfc6761.conf $(1)/usr/share/dnsmasq/
+ $(INSTALL_CONF) ./files/dhcpbogushostname.conf $(1)/usr/share/dnsmasq/
+ $(INSTALL_CONF) ./files/rfc6761.conf $(1)/usr/share/dnsmasq/
$(INSTALL_DIR) $(1)/usr/lib/dnsmasq
$(INSTALL_BIN) ./files/dhcp-script.sh $(1)/usr/lib/dnsmasq/dhcp-script.sh
$(INSTALL_DIR) $(1)/usr/share/acl.d
@@ -180,7 +180,7 @@ define Package/dnsmasq-full/install
$(call Package/dnsmasq/install,$(1))
ifneq ($(CONFIG_PACKAGE_dnsmasq_full_dnssec),)
$(INSTALL_DIR) $(1)/usr/share/dnsmasq
- $(INSTALL_DATA) $(PKG_BUILD_DIR)/trust-anchors.conf $(1)/usr/share/dnsmasq
+ $(INSTALL_CONF) $(PKG_BUILD_DIR)/trust-anchors.conf $(1)/usr/share/dnsmasq
endif
endef