rxvt-unicode changelog <= google-friendly title
+TODO: move pty/tty handling into a fork'ed server and drop all privs
TODO: harmonize --disable-options into position-dependent options.
TODO: after requesting the selection and getting a timeout, no further requests will be sent.
TODO: "slow" rendering mode for bidi and scripts
safe?
Likely not. While I honestly try to make it secure, and am probably
not bad at it, I think it is simply unreasonable to expect all of
- freetype + fontconfig + xft + xlib + ... + rxvt-unicode itself to
- all be secure. Also, rxvt-unicode disables some options when it
- detects that it runs setuid or setgid, which is not nice.
+ freetype + fontconfig + xft + xlib + perl + ... + rxvt-unicode
+ itself to all be secure. Also, rxvt-unicode disables some options
+ when it detects that it runs setuid or setgid, which is not nice.
+ Besides, with the embedded perl interpreter the possibility for
+ security problems easily multiplies.
Elevated privileges are only required for utmp and pty operations on
some systems (for example, GNU/Linux doesn't need any extra
- privileges for ptys, but some need it for utmp support). If
- rxvt-unicode doesn't support the library/setuid helper that your OS
- needs I'll be happy to assist you in implementing support for it.
+ privileges for ptys, but some need it for utmp support). It is
+ planned to mvoe this into a forked handler process, but this is not
+ yet done.
So, while setuid/setgid operation is supported and not a problem on
your typical single-user-no-other-logins unix desktop, always
/* Define if you have the on_exit function. */
#undef HAVE_ON_EXIT
-/* Define if you have the openpty function. */
-#undef HAVE_OPENPTY
-
/* Define if you have the revoke function. */
#undef HAVE_REVOKE
/* Define if your XIMCallback specifies XIC as first type. */
#undef XIMCB_PROTO_BROKEN
-/* Define if you have _GNU_SOURCE getpt() */
-#undef HAVE_GETPT
-
/* Define for this pty type */
#undef PTYS_ARE_OPENPTY
setsid \
setpgrp \
setpgid \
- openpty \
_getpty \
grantpt \
unlockpt \
updwtmpx \
ttyslot \
)
-dnl# Note: On NetBSD, openpty() exists in libutil. Don't pull it in
dnl# --------------------------------------------------------------------------
dnl# DO ALL UTMP AND WTMP CHECKING
#ifdef HAVE_STDLIB_H
# include <cstdlib>
#endif]], [[(void)getpt();]])],[rxvt_cv_func_getpt=yes],[rxvt_cv_func_getpt=no])])
-if test x$rxvt_cv_func_getpt = xyes; then
- AC_DEFINE(HAVE_GETPT, 1, Define if you have _GNU_SOURCE getpt() )
+if test x$rxvt_cv_func_getpt = xno; then
+ AC_CHECK_FUNC(openpty, [], [AC_CHECK_LIB(util, openpty, [LIBS="$LIBS -lutil"])])
fi
dnl# if we don't guess right then it's up to the user
AC_CACHE_CHECK(for pty/tty type, rxvt_cv_ptys,
-[if test x$ac_cv_func_openpty = xyes; then
+[if test x$ac_cv_func_openpty = xyes -o x$ac_cv_lib_util_openpty = xyes; then
rxvt_cv_ptys=OPENPTY
else if test x$ac_cv_func__getpty = xyes; then
rxvt_cv_ptys=SGI4
AC_SUBST(IF_PERL)
AC_SUBST(PERL_O)
-if text x$support_perl = xyes; then
+if test x$support_perl = xyes; then
support_frills=yes
fi
-
for ac_func in \
atexit \
revoke \
setsid \
setpgrp \
setpgid \
- openpty \
_getpty \
grantpt \
unlockpt \
fi
echo "$as_me:$LINENO: result: $rxvt_cv_func_getpt" >&5
echo "${ECHO_T}$rxvt_cv_func_getpt" >&6
-if test x$rxvt_cv_func_getpt = xyes; then
+if test x$rxvt_cv_func_getpt = xno; then
+ echo "$as_me:$LINENO: checking for openpty" >&5
+echo $ECHO_N "checking for openpty... $ECHO_C" >&6
+if test "${ac_cv_func_openpty+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define openpty to an innocuous variant, in case <limits.h> declares openpty.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define openpty innocuous_openpty
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_GETPT 1
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char openpty (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef openpty
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char openpty ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_openpty) || defined (__stub___openpty)
+choke me
+#else
+char (*f) () = openpty;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != openpty;
+ ;
+ return 0;
+}
_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_cxx_werror_flag" || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_openpty=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func_openpty=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_openpty" >&5
+echo "${ECHO_T}$ac_cv_func_openpty" >&6
+if test $ac_cv_func_openpty = yes; then
+ :
+else
+ echo "$as_me:$LINENO: checking for openpty in -lutil" >&5
+echo $ECHO_N "checking for openpty in -lutil... $ECHO_C" >&6
+if test "${ac_cv_lib_util_openpty+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lutil $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char openpty ();
+int
+main ()
+{
+openpty ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_cxx_werror_flag" || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_util_openpty=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_util_openpty=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_util_openpty" >&5
+echo "${ECHO_T}$ac_cv_lib_util_openpty" >&6
+if test $ac_cv_lib_util_openpty = yes; then
+ LIBS="$LIBS -lutil"
+fi
+
+fi
fi
if test "${rxvt_cv_ptys+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
- if test x$ac_cv_func_openpty = xyes; then
+ if test x$ac_cv_func_openpty = xyes -o x$ac_cv_lib_util_openpty = xyes; then
rxvt_cv_ptys=OPENPTY
else if test x$ac_cv_func__getpty = xyes; then
rxvt_cv_ptys=SGI4
-if text x$support_perl = xyes; then
+if test x$support_perl = xyes; then
support_frills=yes
fi
<dt><strong><a name="item_i_need_to_make_it_setuid_2fsetgid_to_support_utmp_">I need to make it setuid/setgid to support utmp/ptys on my OS, is this safe?</a></strong><br />
</dt>
<dd>
-Likely not. While I honestly try to make it secure, and am probably
-not bad at it, I think it is simply unreasonable to expect all of
-freetype + fontconfig + xft + xlib + ... + rxvt-unicode itself to all be
+Likely not. While I honestly try to make it secure, and am probably not
+bad at it, I think it is simply unreasonable to expect all of freetype
++ fontconfig + xft + xlib + perl + ... + rxvt-unicode itself to all be
secure. Also, rxvt-unicode disables some options when it detects that it
-runs setuid or setgid, which is not nice.
+runs setuid or setgid, which is not nice. Besides, with the embedded perl
+interpreter the possibility for security problems easily multiplies.
</dd>
<dd>
<p>Elevated privileges are only required for utmp and pty operations on some
systems (for example, GNU/Linux doesn't need any extra privileges for
-ptys, but some need it for utmp support). If rxvt-unicode doesn't support
-the library/setuid helper that your OS needs I'll be happy to assist you
-in implementing support for it.</p>
+ptys, but some need it for utmp support). It is planned to mvoe this into
+a forked handler process, but this is not yet done.</p>
</dd>
<dd>
<p>So, while setuid/setgid operation is supported and not a problem on your
encodings built-in that increase download times and are rarely used).
.IP "I need to make it setuid/setgid to support utmp/ptys on my \s-1OS\s0, is this safe?" 4
.IX Item "I need to make it setuid/setgid to support utmp/ptys on my OS, is this safe?"
-Likely not. While I honestly try to make it secure, and am probably
-not bad at it, I think it is simply unreasonable to expect all of
-freetype + fontconfig + xft + xlib + ... + rxvt-unicode itself to all be
+Likely not. While I honestly try to make it secure, and am probably not
+bad at it, I think it is simply unreasonable to expect all of freetype
++ fontconfig + xft + xlib + perl + ... + rxvt-unicode itself to all be
secure. Also, rxvt-unicode disables some options when it detects that it
-runs setuid or setgid, which is not nice.
+runs setuid or setgid, which is not nice. Besides, with the embedded perl
+interpreter the possibility for security problems easily multiplies.
.Sp
Elevated privileges are only required for utmp and pty operations on some
systems (for example, GNU/Linux doesn't need any extra privileges for
-ptys, but some need it for utmp support). If rxvt-unicode doesn't support
-the library/setuid helper that your \s-1OS\s0 needs I'll be happy to assist you
-in implementing support for it.
+ptys, but some need it for utmp support). It is planned to mvoe this into
+a forked handler process, but this is not yet done.
.Sp
So, while setuid/setgid operation is supported and not a problem on your
typical single-user-no-other-logins unix desktop, always remember that
=item I need to make it setuid/setgid to support utmp/ptys on my OS, is this safe?
-Likely not. While I honestly try to make it secure, and am probably
-not bad at it, I think it is simply unreasonable to expect all of
-freetype + fontconfig + xft + xlib + ... + rxvt-unicode itself to all be
+Likely not. While I honestly try to make it secure, and am probably not
+bad at it, I think it is simply unreasonable to expect all of freetype
++ fontconfig + xft + xlib + perl + ... + rxvt-unicode itself to all be
secure. Also, rxvt-unicode disables some options when it detects that it
-runs setuid or setgid, which is not nice.
+runs setuid or setgid, which is not nice. Besides, with the embedded perl
+interpreter the possibility for security problems easily multiplies.
Elevated privileges are only required for utmp and pty operations on some
systems (for example, GNU/Linux doesn't need any extra privileges for
-ptys, but some need it for utmp support). If rxvt-unicode doesn't support
-the library/setuid helper that your OS needs I'll be happy to assist you
-in implementing support for it.
+ptys, but some need it for utmp support). It is planned to mvoe this into
+a forked handler process, but this is not yet done.
So, while setuid/setgid operation is supported and not a problem on your
typical single-user-no-other-logins unix desktop, always remember that
safe?
Likely not. While I honestly try to make it secure, and am probably
not bad at it, I think it is simply unreasonable to expect all of
- freetype + fontconfig + xft + xlib + ... + rxvt-unicode itself to
- all be secure. Also, rxvt-unicode disables some options when it
- detects that it runs setuid or setgid, which is not nice.
+ freetype + fontconfig + xft + xlib + perl + ... + rxvt-unicode
+ itself to all be secure. Also, rxvt-unicode disables some options
+ when it detects that it runs setuid or setgid, which is not nice.
+ Besides, with the embedded perl interpreter the possibility for
+ security problems easily multiplies.
Elevated privileges are only required for utmp and pty operations on
some systems (for example, GNU/Linux doesn't need any extra
- privileges for ptys, but some need it for utmp support). If
- rxvt-unicode doesn't support the library/setuid helper that your OS
- needs I'll be happy to assist you in implementing support for it.
+ privileges for ptys, but some need it for utmp support). It is
+ planned to mvoe this into a forked handler process, but this is not
+ yet done.
So, while setuid/setgid operation is supported and not a problem on
your typical single-user-no-other-logins unix desktop, always
* change effective uid/gid - not real uid/gid - so we can switch
* back to root later, as required
*/
- seteuid (getuid ());
setegid (getgid ());
+ seteuid (getuid ());
break;
case SAVE:
- saved_euid = geteuid ();
saved_egid = getegid ();
+ saved_euid = geteuid ();
break;
case RESTORE:
- seteuid (saved_euid);
setegid (saved_egid);
+ seteuid (saved_euid);
break;
}
# else
switch (action)
{
case IGNORE:
- setuid (getuid ());
setgid (getgid ());
+ setuid (getuid ());
/* FALLTHROUGH */
case SAVE:
/* FALLTHROUGH */
// VERSION _must_ be \d.\d+
-#define VERSION "6.3"
+#define VERSION "7.0"
#define DATE "2006-01-04"