From 893c493314e12631d90c724ce2c985174cc24f17 Mon Sep 17 00:00:00 2001
From: cassio <cassiopc@gmail.com>
Date: Wed, 29 Aug 2018 15:03:37 +0200
Subject: forcing chmod no postinstall

---
 Makefile                              | 3 +++
 debian/boca-submission-tools.postinst | 7 ++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 78fafdc..af01438 100644
--- a/Makefile
+++ b/Makefile
@@ -23,18 +23,21 @@ install-bocaapache:
 install-scripts:
 	mkdir -p $(DESTDIR)/usr/sbin/
 	install tools/dump.sh $(DESTDIR)/usr/sbin/boca-dump
+	chmod 700 $(DESTDIR)/usr/sbin/boca-dump
 
 install-bocadb:
 	mkdir -p $(DESTDIR)/usr/sbin/
 	mkdir -p $(DESTDIR)/etc
 	cp -r tools/postgresql $(DESTDIR)/etc
 	install tools/boca-createdb.sh $(DESTDIR)/usr/sbin/boca-createdb
+	chmod 700 $(DESTDIR)/usr/sbin/boca-createdb
 
 install-bocacommon: install-bocawww
 	mkdir -p $(DESTDIR)/usr/sbin/
 	mkdir -p $(DESTDIR)/etc/
 	cp tools/boca.conf $(DESTDIR)/etc/
 	install tools/boca-config-dbhost.sh $(DESTDIR)/usr/sbin/boca-config-dbhost
+	chmod 700 $(DESTDIR)/usr/sbin/boca-config-dbhost
 
 install-bocaautojudge: tools/safeexec
 	mkdir -p $(DESTDIR)/usr/sbin/
diff --git a/debian/boca-submission-tools.postinst b/debian/boca-submission-tools.postinst
index 17945a4..dd3f8e4 100644
--- a/debian/boca-submission-tools.postinst
+++ b/debian/boca-submission-tools.postinst
@@ -1,7 +1,12 @@
 #!/bin/bash
 
-#Make sure wrapper is suid
+#Make sure wrapper is suid and others are not readable
 chmod 4555 /usr/bin/boca-submit-run-root-wrapper
+chmod 700 /usr/sbin/boca-fixes
+chmod 700 /usr/sbin/boca-auth-runs
+chmod 700 /usr/sbin/boca-outmanage
+chmod 700 /usr/sbin/boca-submit-log
+chmod 700 /usr/bin/boca-submit-run-*
 
 for i in boca-submit-list boca-submit-oldlist; do
   rm -f /usr/bin/$i || true
-- 
cgit v1.2.3