From owner-cvs-ports@FreeBSD.ORG  Tue Oct 11 01:06:49 2011
Return-Path: <owner-cvs-ports@FreeBSD.ORG>
Delivered-To: cvs-ports@FreeBSD.ORG
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 42930106566B;
	Tue, 11 Oct 2011 01:06:49 +0000 (UTC) (envelope-from ache@vniz.net)
Received: from vniz.net (vniz.net [194.87.13.69])
	by mx1.freebsd.org (Postfix) with ESMTP id B5BB18FC12;
	Tue, 11 Oct 2011 01:06:48 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by vniz.net (8.14.5/8.14.5) with ESMTP id p9B16lGL020905;
	Tue, 11 Oct 2011 05:06:47 +0400 (MSK) (envelope-from ache@vniz.net)
Received: (from ache@localhost)
	by localhost (8.14.5/8.14.5/Submit) id p9B16k3L020904;
	Tue, 11 Oct 2011 05:06:46 +0400 (MSK) (envelope-from ache)
Date: Tue, 11 Oct 2011 05:06:45 +0400
From: Andrey Chernov <ache@FreeBSD.ORG>
To: cvs-ports@FreeBSD.ORG
Message-ID: <20111011010644.GA19242@vniz.net>
Mail-Followup-To: Andrey Chernov <ache@freebsd.org>, cvs-ports@FreeBSD.ORG,
	Eitan Adler <eadler@FreeBSD.ORG>, ports-committers@FreeBSD.ORG,
	cvs-all@FreeBSD.ORG
References: <201110101738.p9AHcHUq031559@repoman.freebsd.org>
	<20111010194330.GA94990@vniz.net>
	<CAF6rxgkUtYuYaUpM9M+j8cXmg5yYVOZ5hMzFY5a_r+HoCkwAfA@mail.gmail.com>
	<20111010215854.GA96634@vniz.net>
	<20111011002607.GE21265@magic.hamla.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20111011002607.GE21265@magic.hamla.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: Eitan Adler <eadler@FreeBSD.ORG>, cvs-all@FreeBSD.ORG,
	ports-committers@FreeBSD.ORG
Subject: Re: cvs commit: ports/x11/luit Makefile distinfo
 ports/x11/luit/files patch-luit.c
X-BeenThere: cvs-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the ports tree <cvs-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-ports>,
	<mailto:cvs-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-ports>
List-Post: <mailto:cvs-ports@freebsd.org>
List-Help: <mailto:cvs-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-ports>,
	<mailto:cvs-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Oct 2011 01:06:49 -0000

On Mon, Oct 10, 2011 at 08:26:08PM -0400, Sahil Tandon wrote:
> > It happens only if builded luit port have WITH_SETUID_LUIT set, otherwise 
> > you don't notice the bug.
> 
> Ah, so it does not actually affect the default packages as built by the
> clusters?

Yes, default packages are not affected, but building luit non-setuid by 
default isn't a good choice in the first place due to this luit(1) quote:

   On  systems  without SVR4 ("Unix-98") ptys (notably BSD variants), run-
   ning luit as an ordinary user will leave the tty  world-writable;  this
   is  a security hole, and luit will generate a warning (but still accept
   to run). A possible solution is to make luit suid  root;

> Thanks; I believe eadler@ has already created a patch and shared it with
> you for review.

Yes. There was single line, which is enough:
CFLAGS+=	-DBSD

-- 
http://ache.vniz.net/