--- cvsroot/rxvt-unicode/README.FAQ 2006/01/09 01:54:43 1.22 +++ cvsroot/rxvt-unicode/README.FAQ 2006/01/11 19:55:33 1.24 @@ -37,7 +37,7 @@ this still fares rather well. And compared to some monsters like gnome-terminal (21152k + extra 4204k in separate processes) or konsole (22200k + extra 43180k in daemons that stay around after - exit, plus half aminute of startup time, including the hundreds of + exit, plus half a minute of startup time, including the hundreds of warnings it spits out), it fares extremely well *g*. Why C++, isn't that unportable/bloated/uncool? @@ -129,15 +129,17 @@ safe? Likely not. While I honestly try to make it secure, and am probably not bad at it, I think it is simply unreasonable to expect all of - freetype + fontconfig + xft + xlib + ... + rxvt-unicode itself to - all be secure. Also, rxvt-unicode disables some options when it - detects that it runs setuid or setgid, which is not nice. + freetype + fontconfig + xft + xlib + perl + ... + rxvt-unicode + itself to all be secure. Also, rxvt-unicode disables some options + when it detects that it runs setuid or setgid, which is not nice. + Besides, with the embedded perl interpreter the possibility for + security problems easily multiplies. Elevated privileges are only required for utmp and pty operations on some systems (for example, GNU/Linux doesn't need any extra - privileges for ptys, but some need it for utmp support). If - rxvt-unicode doesn't support the library/setuid helper that your OS - needs I'll be happy to assist you in implementing support for it. + privileges for ptys, but some need it for utmp support). It is + planned to mvoe this into a forked handler process, but this is not + yet done. So, while setuid/setgid operation is supported and not a problem on your typical single-user-no-other-logins unix desktop, always