From f518456fdba98b5b881779ce8bfaadf704634d93 Mon Sep 17 00:00:00 2001
From: Neel Natu <neel@FreeBSD.org>
Date: Thu, 21 Aug 2014 19:04:15 +0000
Subject: [PATCH] Change file permissions for some setuid executables so they
 are "o+r". The executable itself doesn't contain any privileged information.

An example of where this is useful is when makefs(8) is creating an image
that includes /sbin/shutdown. This can now be done without root privileges.

Reviewed by:	delphij
Discussed with:	delphij, des
CR:		https://reviews.freebsd.org/D662
---
 sbin/mksnap_ffs/Makefile | 4 ++--
 sbin/shutdown/Makefile   | 2 +-
 usr.sbin/ppp/Makefile    | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/sbin/mksnap_ffs/Makefile b/sbin/mksnap_ffs/Makefile
index 9247cb278edb..de96fa03e0f5 100644
--- a/sbin/mksnap_ffs/Makefile
+++ b/sbin/mksnap_ffs/Makefile
@@ -10,9 +10,9 @@ WARNS?=	2
 CFLAGS+=-I${.CURDIR}/../mount
 
 .if defined(NOSUID)
-BINMODE=550
+BINMODE=554
 .else
-BINMODE=4550
+BINMODE=4554
 BINOWN=	root
 .endif
 BINGRP=	operator
diff --git a/sbin/shutdown/Makefile b/sbin/shutdown/Makefile
index a6ecb93519f0..905d1bc9a04e 100644
--- a/sbin/shutdown/Makefile
+++ b/sbin/shutdown/Makefile
@@ -8,6 +8,6 @@ MLINKS=	shutdown.8 poweroff.8
 
 BINOWN=	root
 BINGRP=	operator
-BINMODE=4550
+BINMODE=4554
 
 .include <bsd.prog.mk>
diff --git a/usr.sbin/ppp/Makefile b/usr.sbin/ppp/Makefile
index beea0ab6600f..dda493e4534c 100644
--- a/usr.sbin/ppp/Makefile
+++ b/usr.sbin/ppp/Makefile
@@ -33,9 +33,9 @@ PPP_NO_PAM=
 .endif
 
 .if defined(PPP_NO_SUID)
-BINMODE=550
+BINMODE=554
 .else
-BINMODE=4550
+BINMODE=4554
 BINOWN=	root
 .endif
 BINGRP=	network