Don't give launchd daemon plists execute permission.

They don't need it; read permission suffices. While we're at it, rename a variable to indicate that it's the path to the plist for ChmodBPF, not the path to the executable for ChmodBPF. Change-Id: Ib7537e26ae3f4477c4110759049a8cd7d2f09cf6 Reviewed-on: https://code.wireshark.org/review/30303 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-10-21 11:29:09 -07:00 · 2018-10-21 11:29:09 -07:00 · aed46e7eb1
parent aea4e4b42a
commit aed46e7eb1
1 changed files with 5 additions and 5 deletions
--- a/packaging/macosx/Scripts/chmodbpf-postinstall.sh
+++ b/packaging/macosx/Scripts/chmodbpf-postinstall.sh
@ -1,6 +1,6 @@
 #!/bin/sh

-CHMOD_BPF="/Library/LaunchDaemons/org.wireshark.ChmodBPF.plist"
+CHMOD_BPF_PLIST="/Library/LaunchDaemons/org.wireshark.ChmodBPF.plist"
 BPF_GROUP="access_bpf"
 BPF_GROUP_NAME="BPF device access ACL"

@ -9,10 +9,10 @@ dscl . -read /Groups/"$BPF_GROUP" > /dev/null 2>&1 || \
 dseditgroup -q -o edit -a "$USER" -t user "$BPF_GROUP"

 cp "/Library/Application Support/Wireshark/ChmodBPF/org.wireshark.ChmodBPF.plist" \
-    "$CHMOD_BPF"
-chmod 755 "$CHMOD_BPF"
-chown root:wheel "$CHMOD_BPF"
+    "$CHMOD_BPF_PLIST"
+chmod u=rw,g=r,o=r "$CHMOD_BPF_PLIST"
+chown root:wheel "$CHMOD_BPF_PLIST"

 rm -rf /Library/StartupItems/ChmodBPF

-launchctl load "$CHMOD_BPF"
+launchctl load "$CHMOD_BPF_PLIST"