… | |
… | |
35 | |
35 | |
36 | Compared to e.g. Eterm (5112k), aterm (3132k) and xterm (4680k), |
36 | Compared to e.g. Eterm (5112k), aterm (3132k) and xterm (4680k), |
37 | this still fares rather well. And compared to some monsters like |
37 | this still fares rather well. And compared to some monsters like |
38 | gnome-terminal (21152k + extra 4204k in separate processes) or |
38 | gnome-terminal (21152k + extra 4204k in separate processes) or |
39 | konsole (22200k + extra 43180k in daemons that stay around after |
39 | konsole (22200k + extra 43180k in daemons that stay around after |
40 | exit, plus half aminute of startup time, including the hundreds of |
40 | exit, plus half a minute of startup time, including the hundreds of |
41 | warnings it spits out), it fares extremely well *g*. |
41 | warnings it spits out), it fares extremely well *g*. |
42 | |
42 | |
43 | Why C++, isn't that unportable/bloated/uncool? |
43 | Why C++, isn't that unportable/bloated/uncool? |
44 | Is this a question? :) It comes up very often. The simple answer is: |
44 | Is this a question? :) It comes up very often. The simple answer is: |
45 | I had to write it, and C++ allowed me to write and maintain it in a |
45 | I had to write it, and C++ allowed me to write and maintain it in a |
… | |
… | |
127 | |
127 | |
128 | I need to make it setuid/setgid to support utmp/ptys on my OS, is this |
128 | I need to make it setuid/setgid to support utmp/ptys on my OS, is this |
129 | safe? |
129 | safe? |
130 | Likely not. While I honestly try to make it secure, and am probably |
130 | Likely not. While I honestly try to make it secure, and am probably |
131 | not bad at it, I think it is simply unreasonable to expect all of |
131 | not bad at it, I think it is simply unreasonable to expect all of |
132 | freetype + fontconfig + xft + xlib + ... + rxvt-unicode itself to |
132 | freetype + fontconfig + xft + xlib + perl + ... + rxvt-unicode |
133 | all be secure. Also, rxvt-unicode disables some options when it |
133 | itself to all be secure. Also, rxvt-unicode disables some options |
134 | detects that it runs setuid or setgid, which is not nice. |
134 | when it detects that it runs setuid or setgid, which is not nice. |
|
|
135 | Besides, with the embedded perl interpreter the possibility for |
|
|
136 | security problems easily multiplies. |
135 | |
137 | |
136 | Elevated privileges are only required for utmp and pty operations on |
138 | Elevated privileges are only required for utmp and pty operations on |
137 | some systems (for example, GNU/Linux doesn't need any extra |
139 | some systems (for example, GNU/Linux doesn't need any extra |
138 | privileges for ptys, but some need it for utmp support). If |
140 | privileges for ptys, but some need it for utmp support). It is |
139 | rxvt-unicode doesn't support the library/setuid helper that your OS |
141 | planned to mvoe this into a forked handler process, but this is not |
140 | needs I'll be happy to assist you in implementing support for it. |
142 | yet done. |
141 | |
143 | |
142 | So, while setuid/setgid operation is supported and not a problem on |
144 | So, while setuid/setgid operation is supported and not a problem on |
143 | your typical single-user-no-other-logins unix desktop, always |
145 | your typical single-user-no-other-logins unix desktop, always |
144 | remember that its an awful lot of code, most of which isn't checked |
146 | remember that its an awful lot of code, most of which isn't checked |
145 | for security issues regularly. |
147 | for security issues regularly. |