authorMartin Natano <natano@cvs.openbsd.org>2016-10-09 14:23:11 +0000
committerMartin Natano <natano@cvs.openbsd.org>2016-10-09 14:23:11 +0000
commit1a4d426e828297004f87f9b91575c94623f2e3e8 (patch)
tree71659ef142e6637fa9b523acc8da92b6c6d5d889 /etc/Makefile
parent96de13917a0b1de879ee77c815ec52e26fe92c3c (diff)
Check that DESTDIR is on a noperm filesystem that's properly locked
down and enforce reasonable permissions for RELEASEDIR. prodded by and ok deraadt ok tb
Diffstat (limited to 'etc/Makefile')
-rw-r--r--etc/Makefile15
1 files changed, 14 insertions, 1 deletions
diff --git a/etc/Makefile b/etc/Makefile
index 0a57bc7a1a5..1fd729126a4 100644
--- a/etc/Makefile
+++ b/etc/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.440 2016/10/06 20:20:41 reyk Exp $
+# $OpenBSD: Makefile,v 1.441 2016/10/09 14:23:10 natano Exp $
TZDIR= /usr/share/zoneinfo
LOCALTIME= Canada/Mountain
@@ -252,6 +252,19 @@ release:
echo $@ must be called by root >&2; \
false; \
fi
+ @destmp=`df -P ${DESTDIR} | awk 'END { print $$6 }'`; \
+ if ! mount | grep -q " $${destmp} .*noperm"; then \
+ echo ${DESTDIR} must be on a noperm filesystem >&2; \
+ false; \
+ fi; \
+ if [[ `stat -f '%Su %Lp' $${destmp}` != '${BUILDUSER} 700' ]]; then \
+ echo $${destmp} must have owner BUILDUSER and mode 700 >&2; \
+ false; \
+ fi
+ @if [[ `stat -f '%Su %Lp' ${RELEASEDIR}` != '${BUILDUSER} 700' ]]; then \
+ echo ${RELEASEDIR} must have owner BUILDUSER and mode 700 >&2; \
+ false; \
+ fi
${MAKE} release-sets
${MAKE} distrib
su ${BUILDUSER} -c 'exec ${MAKE} sha'
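Review bot: The noperm branch ends in `false; \` / `fi; \` and is followed by a second `if` in the same shell command, so its failure aborts the recipe only when make runs the shell with errexit. Without `-e`, the exit status of the later `[[ ... ]]` test replaces it, and a DESTDIR on a filesystem mounted without noperm would pass as long as the mount point is owned by BUILDUSER with mode 700. Writing `exit 1; \` in place of `false; \` in that branch makes the abort independent of how the shell is invoked. Separately, `${DESTDIR}` reaches `df -P` unquoted and `$${destmp}` is interpolated into the grep pattern as a regular expression, so an empty value or a mount point containing regex metacharacters may end up checking a different filesystem than intended. Whether DESTDIR is guaranteed to be non-empty at this point is not visible, because the `release` target begins before this hunk and may continue after it.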