… | |
… | |
186 | of encodings built-in that increase download times and are rarely |
186 | of encodings built-in that increase download times and are rarely |
187 | used). |
187 | used). |
188 | |
188 | |
189 | I need to make it setuid/setgid to support utmp/ptys on my OS, is this |
189 | I need to make it setuid/setgid to support utmp/ptys on my OS, is this |
190 | safe? |
190 | safe? |
191 | Likely not. While I honestly try to make it secure, and am probably |
191 | It should be, starting with release 7.1. You are encouraged to |
192 | not bad at it, I think it is simply unreasonable to expect all of |
192 | properly install urxvt with privileges necessary for your OS now. |
193 | freetype + fontconfig + xft + xlib + perl + ... + rxvt-unicode |
193 | |
194 | itself to all be secure. Also, rxvt-unicode disables some options |
|
|
195 | when it detects that it runs setuid or setgid, which is not nice. |
194 | When rxvt-unicode detects that it runs setuid or setgid, it will |
196 | Besides, with the embedded perl interpreter the possibility for |
195 | fork into a helper process for privileged operations (pty handling |
197 | security problems easily multiplies. |
196 | on some systems, utmp/wtmp/lastlog handling on others) and drop |
|
|
197 | privileges immediately. This is much safer than most other terminals |
|
|
198 | that keep privileges while running (but is more relevant to urxvt, |
|
|
199 | as it contains things as perl interpreters, which might be "helpful" |
|
|
200 | to attackers). |
198 | |
201 | |
199 | Elevated privileges are only required for utmp and pty operations on |
202 | This forking is done as the very first within main(), which is very |
200 | some systems (for example, GNU/Linux doesn't need any extra |
203 | early and reduces possible bugs to initialisation code run before |
201 | privileges for ptys, but some need it for utmp support). It is |
204 | main(), or things like the dynamic loader of your system, which |
202 | planned to mvoe this into a forked handler process, but this is not |
205 | should result in very little risk. |
203 | yet done. |
|
|
204 | |
|
|
205 | So, while setuid/setgid operation is supported and not a problem on |
|
|
206 | your typical single-user-no-other-logins unix desktop, always |
|
|
207 | remember that its an awful lot of code, most of which isn't checked |
|
|
208 | for security issues regularly. |
|
|
209 | |
206 | |
210 | When I log-in to another system it tells me about missing terminfo data? |
207 | When I log-in to another system it tells me about missing terminfo data? |
211 | The terminal description used by rxvt-unicode is not as widely |
208 | The terminal description used by rxvt-unicode is not as widely |
212 | available as that for xterm, or even rxvt (for which the same |
209 | available as that for xterm, or even rxvt (for which the same |
213 | problem often arises). |
210 | problem often arises). |
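Review bot: The new answer (new lines 202-205) narrows the remaining risk to initialisation code run before main() and the dynamic loader, but it leaves out the helper process that new lines 195-196 say is forked "for privileged operations". By that description the helper is where the privileges remain for the lifetime of the terminal, so the answer should say in a sentence what the helper does on behalf of the unprivileged process and that this is the code to audit. The old statement that rxvt-unicode "disables some options" when it detects setuid or setgid operation is deleted without saying whether that behaviour still applies; please state it either way. Wording: "as the very first within main()" is missing a noun ("the very first thing"), and "contains things as perl interpreters" should read "things such as".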
… | |
… | |
1646 | --enable-plain-scroll (default: on) |
1643 | --enable-plain-scroll (default: on) |
1647 | Add support for a very unobtrusive, plain-looking scrollbar that is |
1644 | Add support for a very unobtrusive, plain-looking scrollbar that is |
1648 | the favourite of the rxvt-unicode author, having used it for many |
1645 | the favourite of the rxvt-unicode author, having used it for many |
1649 | years. |
1646 | years. |
1650 | |
1647 | |
1651 | --enable-half-shadow (default: off) |
|
|
1652 | Make shadows on the scrollbar only half the normal width & height. |
|
|
1653 | only applicable to rxvt scrollbars. |
|
|
1654 | |
|
|
1655 | --enable-ttygid (default: off) |
1648 | --enable-ttygid (default: off) |
1656 | Change tty device setting to group "tty" - only use this if your |
1649 | Change tty device setting to group "tty" - only use this if your |
1657 | system uses this type of security. |
1650 | system uses this type of security. |
1658 | |
1651 | |
1659 | --disable-backspace-key |
1652 | --disable-backspace-key |
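Review bot: The --enable-half-shadow entry (old lines 1651-1653) is dropped from the option list with nothing in the visible text saying whether the configure switch itself is gone. If configure still accepts it, keep the entry; if the switch was removed, note that in the changes list so that build scripts passing it are not caught out.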