summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>2023-01-18 20:43:16 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2023-01-18 20:43:16 +0000
commit7e290f02014c604404ee3b9339ada8dfea7a2fb5 (patch)
treea54617a8c6b157b52594b337a5cbfc5d23487b4d
parent42c57085e27e227e6ef7f3e99c113939a7f983e4 (diff)
Create and install sshd random relink kit.
../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't be too fragile, we'll see if we need a different approach. The resulting sshd binary is tested with the new sshd -V option before installation. As the binary layout is now semi-unknown (meaning relative, fixed, and gadget offsets are not precisely known), change the filesystem permissions to 511 to prevent what I call "logged in BROP". I have ideas for improving this further but this is a first step ok djm
-rw-r--r--usr.bin/ssh/sshd/Makefile22
1 files changed, 21 insertions, 1 deletions
diff --git a/usr.bin/ssh/sshd/Makefile b/usr.bin/ssh/sshd/Makefile
index 36455261db1..22659d1f71e 100644
--- a/usr.bin/ssh/sshd/Makefile
+++ b/usr.bin/ssh/sshd/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.106 2022/05/27 05:02:46 djm Exp $
+# $OpenBSD: Makefile,v 1.107 2023/01/18 20:43:15 deraadt Exp $
.PATH: ${.CURDIR}/..
@@ -14,6 +14,7 @@ SRCS+= ${SRCS_BASE} ${SRCS_KEX} ${SRCS_KEXS} ${SRCS_KEY} ${SRCS_KEYP} \
${SRCS_SK_CLIENT}
PROG= sshd
+BINMODE=511
BINDIR= /usr/sbin
MAN= sshd.8 sshd_config.5
@@ -46,3 +47,22 @@ DPADD+= ${LIBUTIL}
LDADD+= -lz
DPADD+= ${LIBZ}
.endif
+
+# The random relink kit, used on OpenBSD by /etc/rc
+
+Makefile.relink: ${.CURDIR}/../Makefile.inc ${.CURDIR}/Makefile
+ # XXX assume a concatenation of these is OK
+ cat ${.CURDIR}/../Makefile.inc ${.CURDIR}/Makefile > Makefile.relink
+
+${PROG} sshd.tar: ${OBJS} Makefile.relink
+ tar cf $@ ${OBJS} Makefile.relink
+
+afterinstall: sshd.tar
+ install -d -o root -g wheel -m 755 \
+ ${DESTDIR}/usr/share/relink/usr/sbin/sshd
+ install -o ${BINOWN} -g ${BINGRP} -m 640 \
+ sshd.tar ${DESTDIR}/usr/share/relink/usr/sbin/sshd/sshd.tar
+
+relink:
+ cc -o sshd `echo ${OBJS} | tr ' ' '\n' | sort -R` ${LDADD}
+ ./sshd -V && install -o root -g wheel -m ${BINMODE} sshd /usr/sbin/sshd