| … | |
… | |
| 194 | C<--enable-everything> (less useful, it will be very big due to a lot of |
194 | C<--enable-everything> (less useful, it will be very big due to a lot of |
| 195 | encodings built-in that increase download times and are rarely used). |
195 | encodings built-in that increase download times and are rarely used). |
| 196 | |
196 | |
| 197 | =item I need to make it setuid/setgid to support utmp/ptys on my OS, is this safe? |
197 | =item I need to make it setuid/setgid to support utmp/ptys on my OS, is this safe? |
| 198 | |
198 | |
| 199 | Likely not. While I honestly try to make it secure, and am probably not |
199 | It should be, starting with release 7.1. You are encouraged to properly |
| 200 | bad at it, I think it is simply unreasonable to expect all of freetype |
200 | install urxvt with privileges necessary for your OS now. |
| 201 | + fontconfig + xft + xlib + perl + ... + rxvt-unicode itself to all be |
|
|
| 202 | secure. Also, rxvt-unicode disables some options when it detects that it |
|
|
| 203 | runs setuid or setgid, which is not nice. Besides, with the embedded perl |
|
|
| 204 | interpreter the possibility for security problems easily multiplies. |
|
|
| 205 | |
201 | |
| 206 | Elevated privileges are only required for utmp and pty operations on some |
202 | When rxvt-unicode detects that it runs setuid or setgid, it will fork |
| 207 | systems (for example, GNU/Linux doesn't need any extra privileges for |
203 | into a helper process for privileged operations (pty handling on some |
| 208 | ptys, but some need it for utmp support). It is planned to mvoe this into |
204 | systems, utmp/wtmp/lastlog handling on others) and drop privileges |
| 209 | a forked handler process, but this is not yet done. |
205 | immediately. This is much safer than most other terminals that keep |
|
|
206 | privileges while running (but is more relevant to urxvt, as it contains |
|
|
207 | things as perl interpreters, which might be "helpful" to attackers). |
| 210 | |
208 | |
| 211 | So, while setuid/setgid operation is supported and not a problem on your |
209 | This forking is done as the very first within main(), which is very early |
| 212 | typical single-user-no-other-logins unix desktop, always remember that |
210 | and reduces possible bugs to initialisation code run before main(), or |
| 213 | its an awful lot of code, most of which isn't checked for security issues |
211 | things like the dynamic loader of your system, which should result in very |
| 214 | regularly. |
212 | little risk. |
| 215 | |
213 | |
| 216 | =item When I log-in to another system it tells me about missing terminfo data? |
214 | =item When I log-in to another system it tells me about missing terminfo data? |
| 217 | |
215 | |
| 218 | The terminal description used by rxvt-unicode is not as widely available |
216 | The terminal description used by rxvt-unicode is not as widely available |
| 219 | as that for xterm, or even rxvt (for which the same problem often arises). |
217 | as that for xterm, or even rxvt (for which the same problem often arises). |
| … | |
… | |
| 2046 | |
2044 | |
| 2047 | Add support for a very unobtrusive, plain-looking scrollbar that |
2045 | Add support for a very unobtrusive, plain-looking scrollbar that |
| 2048 | is the favourite of the rxvt-unicode author, having used it for |
2046 | is the favourite of the rxvt-unicode author, having used it for |
| 2049 | many years. |
2047 | many years. |
| 2050 | |
2048 | |
| 2051 | =item --enable-half-shadow (default: off) |
|
|
| 2052 | |
|
|
| 2053 | Make shadows on the scrollbar only half the normal width & height. |
|
|
| 2054 | only applicable to rxvt scrollbars. |
|
|
| 2055 | |
|
|
| 2056 | =item --enable-ttygid (default: off) |
2049 | =item --enable-ttygid (default: off) |
| 2057 | |
2050 | |
| 2058 | Change tty device setting to group "tty" - only use this if |
2051 | Change tty device setting to group "tty" - only use this if |
| 2059 | your system uses this type of security. |
2052 | your system uses this type of security. |
| 2060 | |
2053 | |
