… | |
… | |
148 | |
148 | |
149 | I need to make it setuid/setgid to support utmp/ptys on my OS, is this |
149 | I need to make it setuid/setgid to support utmp/ptys on my OS, is this |
150 | safe? |
150 | safe? |
151 | Likely not. While I honestly try to make it secure, and am probably |
151 | Likely not. While I honestly try to make it secure, and am probably |
152 | not bad at it, I think it is simply unreasonable to expect all of |
152 | not bad at it, I think it is simply unreasonable to expect all of |
153 | freetype + fontconfig + xft + xlib + ... + rxvt-unicode itself to |
153 | freetype + fontconfig + xft + xlib + perl + ... + rxvt-unicode |
154 | all be secure. Also, rxvt-unicode disables some options when it |
154 | itself to all be secure. Also, rxvt-unicode disables some options |
155 | detects that it runs setuid or setgid, which is not nice. |
155 | when it detects that it runs setuid or setgid, which is not nice. |
|
|
156 | Besides, with the embedded perl interpreter the possibility for |
|
|
157 | security problems easily multiplies. |
156 | |
158 | |
157 | Elevated privileges are only required for utmp and pty operations on |
159 | Elevated privileges are only required for utmp and pty operations on |
158 | some systems (for example, GNU/Linux doesn't need any extra |
160 | some systems (for example, GNU/Linux doesn't need any extra |
159 | privileges for ptys, but some need it for utmp support). If |
161 | privileges for ptys, but some need it for utmp support). It is |
160 | rxvt-unicode doesn't support the library/setuid helper that your OS |
162 | planned to mvoe this into a forked handler process, but this is not |
161 | needs I'll be happy to assist you in implementing support for it. |
163 | yet done. |
162 | |
164 | |
163 | So, while setuid/setgid operation is supported and not a problem on |
165 | So, while setuid/setgid operation is supported and not a problem on |
164 | your typical single-user-no-other-logins unix desktop, always |
166 | your typical single-user-no-other-logins unix desktop, always |
165 | remember that its an awful lot of code, most of which isn't checked |
167 | remember that its an awful lot of code, most of which isn't checked |
166 | for security issues regularly. |
168 | for security issues regularly. |
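Review bot: new line 162 has a typo, "mvoe" should be "move", and the sentence it sits in ("It is planned to move this into a forked handler process") leaves "this" ambiguous; say explicitly that it means the utmp and pty operations named in the previous sentence. The replacement also drops the old offer to help implement support for the library/setuid helper a given OS needs, so a reader on such a system no longer learns what to do in the meantime; consider keeping that sentence alongside the new one. For the added perl paragraph (new lines 156-157), the text just above says some options are disabled when running setuid or setgid; it would help to state whether the embedded perl interpreter is one of them, since that determines how much the warning applies to a setuid install.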
… | |
… | |
1961 | it. |
1963 | it. |
1962 | |
1964 | |
1963 | --disable-resources |
1965 | --disable-resources |
1964 | Removes any support for resource checking. |
1966 | Removes any support for resource checking. |
1965 | |
1967 | |
1966 | --enable-xgetdefault |
|
|
1967 | Make resources checking via XGetDefault() instead of our small |
|
|
1968 | version which only checks ~/.Xdefaults, or if that doesn't exist |
|
|
1969 | then ~/.Xresources. |
|
|
1970 | |
|
|
1971 | Please note that nowadays, things like XIM will automatically pull |
|
|
1972 | in and use the full X resource manager, so the overhead of using it |
|
|
1973 | might be very small, if nonexistant. |
|
|
1974 | |
|
|
1975 | --enable-strings (default: off) |
1968 | --enable-strings (default: off) |
1976 | Add support for our possibly faster memset() function and other |
1969 | Add support for our possibly faster memset() function and other |
1977 | various routines, overriding your system's versions which may have |
1970 | various routines, overriding your system's versions which may have |
1978 | been hand-crafted in assembly or may require extra libraries to link |
1971 | been hand-crafted in assembly or may require extra libraries to link |
1979 | in. (this breaks ANSI-C rules and has problems on many GNU/Linux |
1972 | in. (this breaks ANSI-C rules and has problems on many GNU/Linux |
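Review bot: removing the --enable-xgetdefault entry (old lines 1966-1973) also removes the only description in this section of what the built-in resource checker reads ("only checks ~/.Xdefaults, or if that doesn't exist then ~/.Xresources"). After the change, --disable-resources says only "Removes any support for resource checking" with nothing stating what the default behaviour is. Suggest adding a sentence under --disable-resources saying which resource lookup is now used by default, and, if the configure option itself is gone, a short note for users whose build scripts still pass it.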