| … | |
… | |
| 127 | .\} |
127 | .\} |
| 128 | .rm #[ #] #H #V #F C |
128 | .rm #[ #] #H #V #F C |
| 129 | .\" ======================================================================== |
129 | .\" ======================================================================== |
| 130 | .\" |
130 | .\" |
| 131 | .IX Title "rxvt 7" |
131 | .IX Title "rxvt 7" |
| 132 | .TH rxvt 7 "2006-01-16" "7.0" "RXVT-UNICODE" |
132 | .TH rxvt 7 "2006-01-17" "7.1" "RXVT-UNICODE" |
| 133 | .SH "NAME" |
133 | .SH "NAME" |
| 134 | RXVT REFERENCE \- FAQ, command sequences and other background information |
134 | RXVT REFERENCE \- FAQ, command sequences and other background information |
| 135 | .SH "SYNOPSIS" |
135 | .SH "SYNOPSIS" |
| 136 | .IX Header "SYNOPSIS" |
136 | .IX Header "SYNOPSIS" |
| 137 | .Vb 2 |
137 | .Vb 2 |
| … | |
… | |
| 332 | one with \f(CW\*(C`\-\-disable\-everything\*(C'\fR (very useful) and a maximal one with |
332 | one with \f(CW\*(C`\-\-disable\-everything\*(C'\fR (very useful) and a maximal one with |
| 333 | \&\f(CW\*(C`\-\-enable\-everything\*(C'\fR (less useful, it will be very big due to a lot of |
333 | \&\f(CW\*(C`\-\-enable\-everything\*(C'\fR (less useful, it will be very big due to a lot of |
| 334 | encodings built-in that increase download times and are rarely used). |
334 | encodings built-in that increase download times and are rarely used). |
| 335 | .IP "I need to make it setuid/setgid to support utmp/ptys on my \s-1OS\s0, is this safe?" 4 |
335 | .IP "I need to make it setuid/setgid to support utmp/ptys on my \s-1OS\s0, is this safe?" 4 |
| 336 | .IX Item "I need to make it setuid/setgid to support utmp/ptys on my OS, is this safe?" |
336 | .IX Item "I need to make it setuid/setgid to support utmp/ptys on my OS, is this safe?" |
| 337 | Likely not. While I honestly try to make it secure, and am probably not |
337 | It should be, starting with release 7.1. You are encouraged to properly |
| 338 | bad at it, I think it is simply unreasonable to expect all of freetype |
338 | install urxvt with privileges necessary for your \s-1OS\s0 now. |
| 339 | + fontconfig + xft + xlib + perl + ... + rxvt-unicode itself to all be |
|
|
| 340 | secure. Also, rxvt-unicode disables some options when it detects that it |
|
|
| 341 | runs setuid or setgid, which is not nice. Besides, with the embedded perl |
|
|
| 342 | interpreter the possibility for security problems easily multiplies. |
|
|
| 343 | .Sp |
339 | .Sp |
| 344 | Elevated privileges are only required for utmp and pty operations on some |
340 | When rxvt-unicode detects that it runs setuid or setgid, it will fork |
| 345 | systems (for example, GNU/Linux doesn't need any extra privileges for |
341 | into a helper process for privileged operations (pty handling on some |
| 346 | ptys, but some need it for utmp support). It is planned to mvoe this into |
342 | systems, utmp/wtmp/lastlog handling on others) and drop privileges |
| 347 | a forked handler process, but this is not yet done. |
343 | immediately. This is much safer than most other terminals that keep |
|
|
344 | privileges while running (but is more relevant to urxvt, as it contains |
|
|
345 | things as perl interpreters, which might be \*(L"helpful\*(R" to attackers). |
| 348 | .Sp |
346 | .Sp |
| 349 | So, while setuid/setgid operation is supported and not a problem on your |
347 | This forking is done as the very first within \fImain()\fR, which is very early |
| 350 | typical single-user-no-other-logins unix desktop, always remember that |
348 | and reduces possible bugs to initialisation code run before \fImain()\fR, or |
| 351 | its an awful lot of code, most of which isn't checked for security issues |
349 | things like the dynamic loader of your system, which should result in very |
| 352 | regularly. |
350 | little risk. |
| 353 | .IP "When I log-in to another system it tells me about missing terminfo data?" 4 |
351 | .IP "When I log-in to another system it tells me about missing terminfo data?" 4 |
| 354 | .IX Item "When I log-in to another system it tells me about missing terminfo data?" |
352 | .IX Item "When I log-in to another system it tells me about missing terminfo data?" |
| 355 | The terminal description used by rxvt-unicode is not as widely available |
353 | The terminal description used by rxvt-unicode is not as widely available |
| 356 | as that for xterm, or even rxvt (for which the same problem often arises). |
354 | as that for xterm, or even rxvt (for which the same problem often arises). |
| 357 | .Sp |
355 | .Sp |
| … | |
… | |
| 2127 | .IP "\-\-enable\-plain\-scroll (default: on)" 4 |
2125 | .IP "\-\-enable\-plain\-scroll (default: on)" 4 |
| 2128 | .IX Item "--enable-plain-scroll (default: on)" |
2126 | .IX Item "--enable-plain-scroll (default: on)" |
| 2129 | Add support for a very unobtrusive, plain-looking scrollbar that |
2127 | Add support for a very unobtrusive, plain-looking scrollbar that |
| 2130 | is the favourite of the rxvt-unicode author, having used it for |
2128 | is the favourite of the rxvt-unicode author, having used it for |
| 2131 | many years. |
2129 | many years. |
| 2132 | .IP "\-\-enable\-half\-shadow (default: off)" 4 |
|
|
| 2133 | .IX Item "--enable-half-shadow (default: off)" |
|
|
| 2134 | Make shadows on the scrollbar only half the normal width & height. |
|
|
| 2135 | only applicable to rxvt scrollbars. |
|
|
| 2136 | .IP "\-\-enable\-ttygid (default: off)" 4 |
2130 | .IP "\-\-enable\-ttygid (default: off)" 4 |
| 2137 | .IX Item "--enable-ttygid (default: off)" |
2131 | .IX Item "--enable-ttygid (default: off)" |
| 2138 | Change tty device setting to group \*(L"tty\*(R" \- only use this if |
2132 | Change tty device setting to group \*(L"tty\*(R" \- only use this if |
| 2139 | your system uses this type of security. |
2133 | your system uses this type of security. |
| 2140 | .IP "\-\-disable\-backspace\-key" 4 |
2134 | .IP "\-\-disable\-backspace\-key" 4 |
