cvs commit: ports/x11/luit Makefile distinfo
ports/x11/luit/files patch-luit.c
Andrey Chernov
ache at FreeBSD.ORG
Tue Oct 11 01:28:04 UTC 2011
On Tue, Oct 11, 2011 at 05:06:45AM +0400, Andrey Chernov wrote:
> On Mon, Oct 10, 2011 at 08:26:08PM -0400, Sahil Tandon wrote:
> > > It happens only if builded luit port have WITH_SETUID_LUIT set, otherwise
> > > you don't notice the bug.
> >
> > Ah, so it does not actually affect the default packages as built by the
> > clusters?
>
> Yes, default packages are not affected, but building luit non-setuid by
> default isn't a good choice in the first place due to this luit(1) quote:
>
> On systems without SVR4 ("Unix-98") ptys (notably BSD variants), run-
> ning luit as an ordinary user will leave the tty world-writable; this
> is a security hole, and luit will generate a warning (but still accept
> to run). A possible solution is to make luit suid root;
Note: this is true for old FreeBSD versions without /dev/pts, i.e. for
FreeBSD < 8. Since old versions will die soon, perhaps choosen default
isn't so bad.
--
http://ache.vniz.net/
More information about the cvs-all
mailing list