Date: Tue, 11 Oct 2011 05:27:59 +0400 From: Andrey Chernov <ache@FreeBSD.ORG> To: cvs-ports@FreeBSD.ORG, Eitan Adler <eadler@FreeBSD.ORG>, ports-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: ports/x11/luit Makefile distinfo ports/x11/luit/files patch-luit.c Message-ID: <20111011012758.GA26511@vniz.net> In-Reply-To: <20111011010644.GA19242@vniz.net> References: <201110101738.p9AHcHUq031559@repoman.freebsd.org> <20111010194330.GA94990@vniz.net> <CAF6rxgkUtYuYaUpM9M%2Bj8cXmg5yYVOZ5hMzFY5a_r%2BHoCkwAfA@mail.gmail.com> <20111010215854.GA96634@vniz.net> <20111011002607.GE21265@magic.hamla.org> <20111011010644.GA19242@vniz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Oct 11, 2011 at 05:06:45AM +0400, Andrey Chernov wrote:
> On Mon, Oct 10, 2011 at 08:26:08PM -0400, Sahil Tandon wrote:
> > > It happens only if builded luit port have WITH_SETUID_LUIT set, otherwise
> > > you don't notice the bug.
> >
> > Ah, so it does not actually affect the default packages as built by the
> > clusters?
>
> Yes, default packages are not affected, but building luit non-setuid by
> default isn't a good choice in the first place due to this luit(1) quote:
>
> On systems without SVR4 ("Unix-98") ptys (notably BSD variants), run-
> ning luit as an ordinary user will leave the tty world-writable; this
> is a security hole, and luit will generate a warning (but still accept
> to run). A possible solution is to make luit suid root;
Note: this is true for old FreeBSD versions without /dev/pts, i.e. for
FreeBSD < 8. Since old versions will die soon, perhaps choosen default
isn't so bad.
--
http://ache.vniz.net/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20111011012758.GA26511>