| … | |
… | |
| 127 | |
127 | |
| 128 | I need to make it setuid/setgid to support utmp/ptys on my OS, is this |
128 | I need to make it setuid/setgid to support utmp/ptys on my OS, is this |
| 129 | safe? |
129 | safe? |
| 130 | Likely not. While I honestly try to make it secure, and am probably |
130 | Likely not. While I honestly try to make it secure, and am probably |
| 131 | not bad at it, I think it is simply unreasonable to expect all of |
131 | not bad at it, I think it is simply unreasonable to expect all of |
| 132 | freetype + fontconfig + xft + xlib + ... + rxvt-unicode itself to |
132 | freetype + fontconfig + xft + xlib + perl + ... + rxvt-unicode |
| 133 | all be secure. Also, rxvt-unicode disables some options when it |
133 | itself to all be secure. Also, rxvt-unicode disables some options |
| 134 | detects that it runs setuid or setgid, which is not nice. |
134 | when it detects that it runs setuid or setgid, which is not nice. |
|
|
135 | Besides, with the embedded perl interpreter the possibility for |
|
|
136 | security problems easily multiplies. |
| 135 | |
137 | |
| 136 | Elevated privileges are only required for utmp and pty operations on |
138 | Elevated privileges are only required for utmp and pty operations on |
| 137 | some systems (for example, GNU/Linux doesn't need any extra |
139 | some systems (for example, GNU/Linux doesn't need any extra |
| 138 | privileges for ptys, but some need it for utmp support). If |
140 | privileges for ptys, but some need it for utmp support). It is |
| 139 | rxvt-unicode doesn't support the library/setuid helper that your OS |
141 | planned to mvoe this into a forked handler process, but this is not |
| 140 | needs I'll be happy to assist you in implementing support for it. |
142 | yet done. |
| 141 | |
143 | |
| 142 | So, while setuid/setgid operation is supported and not a problem on |
144 | So, while setuid/setgid operation is supported and not a problem on |
| 143 | your typical single-user-no-other-logins unix desktop, always |
145 | your typical single-user-no-other-logins unix desktop, always |
| 144 | remember that its an awful lot of code, most of which isn't checked |
146 | remember that its an awful lot of code, most of which isn't checked |
| 145 | for security issues regularly. |
147 | for security issues regularly. |
