From owner-freebsd-x11@FreeBSD.ORG Tue Apr 17 20:35:29 2007 Return-Path: X-Original-To: freebsd-x11@FreeBSD.org Delivered-To: freebsd-x11@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D7D9616A401; Tue, 17 Apr 2007 20:35:29 +0000 (UTC) (envelope-from sec@42.org) Received: from ice.42.org (ice.42.org [194.77.85.2]) by mx1.freebsd.org (Postfix) with ESMTP id 7698A13C44C; Tue, 17 Apr 2007 20:35:29 +0000 (UTC) (envelope-from sec@42.org) Received: by ice.42.org (Postfix, from userid 1000) id CFDD9C462; Tue, 17 Apr 2007 22:15:48 +0200 (CEST) Date: Tue, 17 Apr 2007 22:15:48 +0200 From: Stefan `Sec` Zehl To: Florent Thoumie Message-ID: <20070417201548.GB44061@ice.42.org> X-Current-Backlog: 2864 messages References: <200704161141.l3GBfrcY049525@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200704161141.l3GBfrcY049525@freefall.freebsd.org> User-Agent: Mutt/1.4.2.2i I-love-doing-this: really X-Modeline: vim:set ts=8 sw=4 smarttab tw=72 si noic notitle: Accept-Languages: de, en X-URL: http://sec.42.org/ Cc: freebsd-x11@FreeBSD.org Subject: Re: ports/109497: x11-servers/xorg-fontserver rc.d/xfs.sh script missing "-user" X-BeenThere: freebsd-x11@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: X11 on FreeBSD -- maintaining and support List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Apr 2007 20:35:29 -0000 Hi, On Mon, Apr 16, 2007 at 11:41 +0000, Florent Thoumie wrote: > Synopsis: x11-servers/xorg-fontserver rc.d/xfs.sh script missing "-user" > > State-Changed-From-To: open->closed > State-Changed-By: flz > State-Changed-When: Mon Apr 16 11:40:38 UTC 2007 > State-Changed-Why: > I just checked and other OS'es seem to run it as root as well. > > If this is a real concern to you, just set xfs_flags="-user nobody" in > /etc/rc.conf. I think this is what you're looking for. Please note that if you set "xfs_user=" to something, the default rc.subr will already try to do something with it, and (silently) fail to start xfs at all. I do think fixing this would be more user friendly -- besides, its only a two-line patch anyway, and it doesn't even change the default of running as root. But if think it's important to refuse this change, I can certainly live without that patch. CU, Sec -- One of the main causes of the fall of the Roman Empire was that, lacking zero, they had no way to indicate successful termination of their C Programs.