| … | |
… | |
| 148 | |
148 | |
| 149 | I need to make it setuid/setgid to support utmp/ptys on my OS, is this |
149 | I need to make it setuid/setgid to support utmp/ptys on my OS, is this |
| 150 | safe? |
150 | safe? |
| 151 | Likely not. While I honestly try to make it secure, and am probably |
151 | Likely not. While I honestly try to make it secure, and am probably |
| 152 | not bad at it, I think it is simply unreasonable to expect all of |
152 | not bad at it, I think it is simply unreasonable to expect all of |
| 153 | freetype + fontconfig + xft + xlib + ... + rxvt-unicode itself to |
153 | freetype + fontconfig + xft + xlib + perl + ... + rxvt-unicode |
| 154 | all be secure. Also, rxvt-unicode disables some options when it |
154 | itself to all be secure. Also, rxvt-unicode disables some options |
| 155 | detects that it runs setuid or setgid, which is not nice. |
155 | when it detects that it runs setuid or setgid, which is not nice. |
|
|
156 | Besides, with the embedded perl interpreter the possibility for |
|
|
157 | security problems easily multiplies. |
| 156 | |
158 | |
| 157 | Elevated privileges are only required for utmp and pty operations on |
159 | Elevated privileges are only required for utmp and pty operations on |
| 158 | some systems (for example, GNU/Linux doesn't need any extra |
160 | some systems (for example, GNU/Linux doesn't need any extra |
| 159 | privileges for ptys, but some need it for utmp support). If |
161 | privileges for ptys, but some need it for utmp support). It is |
| 160 | rxvt-unicode doesn't support the library/setuid helper that your OS |
162 | planned to mvoe this into a forked handler process, but this is not |
| 161 | needs I'll be happy to assist you in implementing support for it. |
163 | yet done. |
| 162 | |
164 | |
| 163 | So, while setuid/setgid operation is supported and not a problem on |
165 | So, while setuid/setgid operation is supported and not a problem on |
| 164 | your typical single-user-no-other-logins unix desktop, always |
166 | your typical single-user-no-other-logins unix desktop, always |
| 165 | remember that its an awful lot of code, most of which isn't checked |
167 | remember that its an awful lot of code, most of which isn't checked |
| 166 | for security issues regularly. |
168 | for security issues regularly. |
| … | |
… | |
| 1961 | it. |
1963 | it. |
| 1962 | |
1964 | |
| 1963 | --disable-resources |
1965 | --disable-resources |
| 1964 | Removes any support for resource checking. |
1966 | Removes any support for resource checking. |
| 1965 | |
1967 | |
| 1966 | --enable-xgetdefault |
|
|
| 1967 | Make resources checking via XGetDefault() instead of our small |
|
|
| 1968 | version which only checks ~/.Xdefaults, or if that doesn't exist |
|
|
| 1969 | then ~/.Xresources. |
|
|
| 1970 | |
|
|
| 1971 | Please note that nowadays, things like XIM will automatically pull |
|
|
| 1972 | in and use the full X resource manager, so the overhead of using it |
|
|
| 1973 | might be very small, if nonexistant. |
|
|
| 1974 | |
|
|
| 1975 | --enable-strings (default: off) |
1968 | --enable-strings (default: off) |
| 1976 | Add support for our possibly faster memset() function and other |
1969 | Add support for our possibly faster memset() function and other |
| 1977 | various routines, overriding your system's versions which may have |
1970 | various routines, overriding your system's versions which may have |
| 1978 | been hand-crafted in assembly or may require extra libraries to link |
1971 | been hand-crafted in assembly or may require extra libraries to link |
| 1979 | in. (this breaks ANSI-C rules and has problems on many GNU/Linux |
1972 | in. (this breaks ANSI-C rules and has problems on many GNU/Linux |
