Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 19 Jun 1999 02:41:32 -0400 (EDT)
From:      Yarema <yds@paris.dppl.com>
To:        Chris Piazza <cpiazza@home.net>
Cc:        freebsd-ports@FreeBSD.ORG
Subject:   Re: ports/12236: Fix: x11/wterm build
Message-ID:  <Pine.BSF.4.10.9906190222480.37964-100000@paris.dppl.com>
In-Reply-To: <19990618183449.A72243@norn.ca.eu.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 18 Jun 1999, Chris Piazza wrote:

> On Fri, Jun 18, 1999 at 08:58:32PM -0400, Yarema wrote:
> > > + --enable-next-scrollbar --enable-utmp --enable-wtmp
> > 
> > good idea. you need to suid root for modifying utmp and wtmp databases to
> > work though, like xterm:
> > 
> > -rws--x--x  1 root  wheel  154936 Dec 30 05:18 /usr/X11R6/bin/xterm
> > 
> > so perhaps a:
> > 
> > chmod 4711 /usr/X11R6/bin/wterm
> > 
> > after installing?
> 
> I can make it install suid if people want this. A message after the install
> that allows the admin to make a decision about that may be another way too.
> 
> Thoughts? 
> 
> -Chris
> 

As per doc/README.xvt:

To install xvt, you should edit the MANDIR and BIN pathnames in the 
Makefile and then type 'make install' as root.  When installed for general
use, xvt needs to belong to root and have the setuid flag set so that it
can make entries in the /etc/utmp file.

and the man page:

  6  a.    If compiled with UTMP_SUPPORT, you may need to install                                         
rxvt setuid root or setuid/setgid to match the file  permissions on /etc/utmp
  6  b.  You may need to install setuid root anyway for some systems so
that they can give you ownership of the tty devices.


As paranoid as some people justifiably are about having suid binaries, I
don't see rxvt and derivatives installed suid root being any more harmful
than having xterm laying around with the suid bit set.

On my home machine it don't matter much. On production servers I'd rather
see who's been logged in when if I have to investigate something. So, in a
sense, not having the suid root set is more of a security risk in this
case cuz people can cover up their tracks more easily without it. IMO,
suid root should be the default way to install without any promting. All
the other programs which update [uw]tmp are suid root.

Whatever decision comes out of this thread should probably apply to other
rxvt derivatives too. 

-- 
Yarema



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9906190222480.37964-100000>