--- rxvt-unicode/doc/rxvt.7.pod 2006/01/16 15:12:48 1.85 +++ rxvt-unicode/doc/rxvt.7.pod 2006/01/18 21:00:39 1.89 @@ -161,20 +161,21 @@ =item I am using Debian GNU/Linux and have a problem... The Debian GNU/Linux package of rxvt-unicode in sarge contains large -patches that considerably change the behaviour of rxvt-unicode. Before -reporting a bug to the original rxvt-unicode author please download and -install the genuine version (L) -and try to reproduce the problem. If you cannot, chances are that the -problems are specific to Debian GNU/Linux, in which case it should be -reported via the Debian Bug Tracking System (use C to report -the bug). +patches that considerably change the behaviour of rxvt-unicode (but +unfortunately this notice has been removed). Before reporting a bug to +the original rxvt-unicode author please download and install the genuine +version (L) and try to reproduce +the problem. If you cannot, chances are that the problems are specific to +Debian GNU/Linux, in which case it should be reported via the Debian Bug +Tracking System (use C to report the bug). For other problems that also affect the Debian package, you can and probably should use the Debian BTS, too, because, after all, it's also a bug in the Debian version and it serves as a reminder for other users that might encounter the same issue. -=item I am maintaining rxvt-unicode for distribution/OS XXX, any recommendation? +=item I am maintaining rxvt-unicode for distribution/OS XXX, any +recommendation? You should build one binary with the default options. F now enables most useful options, and the trend goes to making them 
@@ -196,22 +197,20 @@ =item I need to make it setuid/setgid to support utmp/ptys on my OS, is this safe? -Likely not. While I honestly try to make it secure, and am probably not -bad at it, I think it is simply unreasonable to expect all of freetype -+ fontconfig + xft + xlib + perl + ... + rxvt-unicode itself to all be -secure. Also, rxvt-unicode disables some options when it detects that it -runs setuid or setgid, which is not nice. Besides, with the embedded perl -interpreter the possibility for security problems easily multiplies. - -Elevated privileges are only required for utmp and pty operations on some -systems (for example, GNU/Linux doesn't need any extra privileges for -ptys, but some need it for utmp support). It is planned to mvoe this into -a forked handler process, but this is not yet done. - -So, while setuid/setgid operation is supported and not a problem on your -typical single-user-no-other-logins unix desktop, always remember that -its an awful lot of code, most of which isn't checked for security issues -regularly. +It should be, starting with release 7.1. You are encouraged to properly +install urxvt with privileges necessary for your OS now. + +When rxvt-unicode detects that it runs setuid or setgid, it will fork +into a helper process for privileged operations (pty handling on some +systems, utmp/wtmp/lastlog handling on others) and drop privileges +immediately. This is much safer than most other terminals that keep +privileges while running (but is more relevant to urxvt, as it contains +things as perl interpreters, which might be "helpful" to attackers). + +This forking is done as the very first within main(), which is very early +and reduces possible bugs to initialisation code run before main(), or +things like the dynamic loader of your system, which should result in very +little risk. =item When I log-in to another system it tells me about missing terminfo data? 
@@ -1671,7 +1670,7 @@ B<< C >> Change colour of highlight characters to B<< C >> B<< C >> Change colour of bold characters to B<< C >> [deprecated, see 706] B<< C >> Change colour of underlined characters to B<< C >> [deprecated, see 707] - B<< C >> Change default background to B<< C >> + B<< C >> Change background pixmap parameters (see section XPM) (Compile XPM). B<< C >> Change default foreground colour to B<< C >>. B<< C >> Change Log File to B<< C >> I B<< C >> Change default background colour to B<< C >>. @@ -2048,11 +2047,6 @@ is the favourite of the rxvt-unicode author, having used it for many years. -=item --enable-half-shadow (default: off) - -Make shadows on the scrollbar only half the normal width & height. -only applicable to rxvt scrollbars. - =item --enable-ttygid (default: off) Change tty device setting to group "tty" - only use this if
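Review bot: In the Debian answer (hunk @@ -161,20 +161,21 @@), the added aside "(but unfortunately this notice has been removed)" has no clear referent. Read in place, "this notice" looks like it means the FAQ entry the reader is currently reading. Suggest stating which notice was removed and from where, or dropping the aside. Separately, the "=item I am maintaining rxvt-unicode ..." heading is now wrapped onto two lines. Keeping it on one line would keep the FAQ headings easy to grep.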
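Review bot: The new setuid/setgid answer (hunk @@ -196,22 +197,20 @@) says the process will "drop privileges immediately" but never says what the forked helper keeps or for how long, so a packager cannot judge the remaining privileged surface from this text. Suggest adding a sentence that states which requests the helper serves for the unprivileged process (the text names pty handling and utmp/wtmp/lastlog handling) and, if that is the case, that the perl interpreter and the font and X code run only after the drop. The removed paragraph also said rxvt-unicode "disables some options when it detects that it runs setuid or setgid", so the replacement should say whether that still holds. Wording: "done as the very first within main()" is missing a noun ("the very first thing"), and "contains things as perl interpreters" should read "things such as perl interpreters".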
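Review bot: In the hunk @@ -1671,7 +1670,7 @@, the replacement row "Change background pixmap parameters (see section XPM) (Compile XPM)." no longer names its argument the way the neighbouring rows do ("... to B<< C >>"), and it stacks two parentheticals and ends in a period that most rows in the table lack. Suggest keeping the argument placeholder in the description and merging the asides into one, spelling out "(Compile XPM)" as a full phrase so the build requirement is unambiguous.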