From owner-freebsd-ports Fri Jun 18 23:41:43 1999 Delivered-To: freebsd-ports@freebsd.org Received: from paris.dppl.com (paris.dppl.com [205.230.74.150]) by hub.freebsd.org (Postfix) with SMTP id 2462614F54 for ; Fri, 18 Jun 1999 23:41:34 -0700 (PDT) (envelope-from yds@dppl.com) Received: (qmail 38098 invoked by uid 1001); 19 Jun 1999 06:41:32 -0000 Date: Sat, 19 Jun 1999 02:41:32 -0400 (EDT) From: Yarema To: Chris Piazza Cc: freebsd-ports@FreeBSD.ORG Subject: Re: ports/12236: Fix: x11/wterm build In-Reply-To: <19990618183449.A72243@norn.ca.eu.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 18 Jun 1999, Chris Piazza wrote: > On Fri, Jun 18, 1999 at 08:58:32PM -0400, Yarema wrote: > > > + --enable-next-scrollbar --enable-utmp --enable-wtmp > > > > good idea. you need to suid root for modifying utmp and wtmp databases to > > work though, like xterm: > > > > -rws--x--x 1 root wheel 154936 Dec 30 05:18 /usr/X11R6/bin/xterm > > > > so perhaps a: > > > > chmod 4711 /usr/X11R6/bin/wterm > > > > after installing? > > I can make it install suid if people want this. A message after the install > that allows the admin to make a decision about that may be another way too. > > Thoughts? > > -Chris > As per doc/README.xvt: To install xvt, you should edit the MANDIR and BIN pathnames in the Makefile and then type 'make install' as root. When installed for general use, xvt needs to belong to root and have the setuid flag set so that it can make entries in the /etc/utmp file. and the man page: 6 a. If compiled with UTMP_SUPPORT, you may need to install rxvt setuid root or setuid/setgid to match the file permissions on /etc/utmp 6 b. You may need to install setuid root anyway for some systems so that they can give you ownership of the tty devices. As paranoid as some people justifiably are about having suid binaries, I don't see rxvt and derivatives installed suid root being any more harmful than having xterm laying around with the suid bit set. On my home machine it don't matter much. On production servers I'd rather see who's been logged in when if I have to investigate something. So, in a sense, not having the suid root set is more of a security risk in this case cuz people can cover up their tracks more easily without it. IMO, suid root should be the default way to install without any promting. All the other programs which update [uw]tmp are suid root. Whatever decision comes out of this thread should probably apply to other rxvt derivatives too. -- Yarema To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message