Date: Tue, 11 Oct 2011 05:06:45 +0400
From: Andrey Chernov <ache@FreeBSD.ORG>
To: cvs-ports@FreeBSD.ORG
Cc: Eitan Adler <eadler@FreeBSD.ORG>, cvs-all@FreeBSD.ORG, ports-committers@FreeBSD.ORG
Subject: Re: cvs commit: ports/x11/luit Makefile distinfo ports/x11/luit/files patch-luit.c
Message-ID: <20111011010644.GA19242@vniz.net>
In-Reply-To: <20111011002607.GE21265@magic.hamla.org>
References: <201110101738.p9AHcHUq031559@repoman.freebsd.org> <20111010194330.GA94990@vniz.net> <CAF6rxgkUtYuYaUpM9M%2Bj8cXmg5yYVOZ5hMzFY5a_r%2BHoCkwAfA@mail.gmail.com> <20111010215854.GA96634@vniz.net> <20111011002607.GE21265@magic.hamla.org>

On Mon, Oct 10, 2011 at 08:26:08PM -0400, Sahil Tandon wrote:
> > It happens only if the built luit port has WITH_SETUID_LUIT set, otherwise
> > you don't notice the bug.
>
> Ah, so it does not actually affect the default packages as built by the
> clusters?

Yes, default packages are not affected, but building luit non-setuid by
default isn't a good choice in the first place due to this luit(1) quote:

    On systems without SVR4 ("Unix-98") ptys (notably BSD variants),
    running luit as an ordinary user will leave the tty world-writable;
    this is a security hole, and luit will generate a warning (but still
    accept to run). A possible solution is to make luit suid root;

> Thanks; I believe eadler@ has already created a patch and shared it with
> you for review.

Yes. There was a single line, which is enough:

    CFLAGS+= -DBSD

--
http://ache.vniz.net/