… | |
… | |
127 | .\} |
127 | .\} |
128 | .rm #[ #] #H #V #F C |
128 | .rm #[ #] #H #V #F C |
129 | .\" ======================================================================== |
129 | .\" ======================================================================== |
130 | .\" |
130 | .\" |
131 | .IX Title "rxvt 7" |
131 | .IX Title "rxvt 7" |
132 | .TH rxvt 7 "2006-01-16" "7.0" "RXVT-UNICODE" |
132 | .TH rxvt 7 "2006-01-17" "7.1" "RXVT-UNICODE" |
133 | .SH "NAME" |
133 | .SH "NAME" |
134 | RXVT REFERENCE \- FAQ, command sequences and other background information |
134 | RXVT REFERENCE \- FAQ, command sequences and other background information |
135 | .SH "SYNOPSIS" |
135 | .SH "SYNOPSIS" |
136 | .IX Header "SYNOPSIS" |
136 | .IX Header "SYNOPSIS" |
137 | .Vb 2 |
137 | .Vb 2 |
… | |
… | |
332 | one with \f(CW\*(C`\-\-disable\-everything\*(C'\fR (very useful) and a maximal one with |
332 | one with \f(CW\*(C`\-\-disable\-everything\*(C'\fR (very useful) and a maximal one with |
333 | \&\f(CW\*(C`\-\-enable\-everything\*(C'\fR (less useful, it will be very big due to a lot of |
333 | \&\f(CW\*(C`\-\-enable\-everything\*(C'\fR (less useful, it will be very big due to a lot of |
334 | encodings built-in that increase download times and are rarely used). |
334 | encodings built-in that increase download times and are rarely used). |
335 | .IP "I need to make it setuid/setgid to support utmp/ptys on my \s-1OS\s0, is this safe?" 4 |
335 | .IP "I need to make it setuid/setgid to support utmp/ptys on my \s-1OS\s0, is this safe?" 4 |
336 | .IX Item "I need to make it setuid/setgid to support utmp/ptys on my OS, is this safe?" |
336 | .IX Item "I need to make it setuid/setgid to support utmp/ptys on my OS, is this safe?" |
337 | Likely not. While I honestly try to make it secure, and am probably not |
337 | It should be, starting with release 7.1. You are encouraged to properly |
338 | bad at it, I think it is simply unreasonable to expect all of freetype |
338 | install urxvt with privileges necessary for your \s-1OS\s0 now. |
339 | + fontconfig + xft + xlib + perl + ... + rxvt-unicode itself to all be |
|
|
340 | secure. Also, rxvt-unicode disables some options when it detects that it |
|
|
341 | runs setuid or setgid, which is not nice. Besides, with the embedded perl |
|
|
342 | interpreter the possibility for security problems easily multiplies. |
|
|
343 | .Sp |
339 | .Sp |
344 | Elevated privileges are only required for utmp and pty operations on some |
340 | When rxvt-unicode detects that it runs setuid or setgid, it will fork |
345 | systems (for example, GNU/Linux doesn't need any extra privileges for |
341 | into a helper process for privileged operations (pty handling on some |
346 | ptys, but some need it for utmp support). It is planned to mvoe this into |
342 | systems, utmp/wtmp/lastlog handling on others) and drop privileges |
347 | a forked handler process, but this is not yet done. |
343 | immediately. This is much safer than most other terminals that keep |
|
|
344 | privileges while running (but is more relevant to urxvt, as it contains |
|
|
345 | things as perl interpreters, which might be \*(L"helpful\*(R" to attackers). |
348 | .Sp |
346 | .Sp |
349 | So, while setuid/setgid operation is supported and not a problem on your |
347 | This forking is done as the very first within \fImain()\fR, which is very early |
350 | typical single-user-no-other-logins unix desktop, always remember that |
348 | and reduces possible bugs to initialisation code run before \fImain()\fR, or |
351 | its an awful lot of code, most of which isn't checked for security issues |
349 | things like the dynamic loader of your system, which should result in very |
352 | regularly. |
350 | little risk. |
353 | .IP "When I log-in to another system it tells me about missing terminfo data?" 4 |
351 | .IP "When I log-in to another system it tells me about missing terminfo data?" 4 |
354 | .IX Item "When I log-in to another system it tells me about missing terminfo data?" |
352 | .IX Item "When I log-in to another system it tells me about missing terminfo data?" |
355 | The terminal description used by rxvt-unicode is not as widely available |
353 | The terminal description used by rxvt-unicode is not as widely available |
356 | as that for xterm, or even rxvt (for which the same problem often arises). |
354 | as that for xterm, or even rxvt (for which the same problem often arises). |
357 | .Sp |
355 | .Sp |
… | |
… | |
2127 | .IP "\-\-enable\-plain\-scroll (default: on)" 4 |
2125 | .IP "\-\-enable\-plain\-scroll (default: on)" 4 |
2128 | .IX Item "--enable-plain-scroll (default: on)" |
2126 | .IX Item "--enable-plain-scroll (default: on)" |
2129 | Add support for a very unobtrusive, plain-looking scrollbar that |
2127 | Add support for a very unobtrusive, plain-looking scrollbar that |
2130 | is the favourite of the rxvt-unicode author, having used it for |
2128 | is the favourite of the rxvt-unicode author, having used it for |
2131 | many years. |
2129 | many years. |
2132 | .IP "\-\-enable\-half\-shadow (default: off)" 4 |
|
|
2133 | .IX Item "--enable-half-shadow (default: off)" |
|
|
2134 | Make shadows on the scrollbar only half the normal width & height. |
|
|
2135 | only applicable to rxvt scrollbars. |
|
|
2136 | .IP "\-\-enable\-ttygid (default: off)" 4 |
2130 | .IP "\-\-enable\-ttygid (default: off)" 4 |
2137 | .IX Item "--enable-ttygid (default: off)" |
2131 | .IX Item "--enable-ttygid (default: off)" |
2138 | Change tty device setting to group \*(L"tty\*(R" \- only use this if |
2132 | Change tty device setting to group \*(L"tty\*(R" \- only use this if |
2139 | your system uses this type of security. |
2133 | your system uses this type of security. |
2140 | .IP "\-\-disable\-backspace\-key" 4 |
2134 | .IP "\-\-disable\-backspace\-key" 4 |