From 8677e4326e0d9030ccff41b92427b9f723c05254 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 9 Jan 2006 01:54:43 +0000 Subject: [PATCH] *** empty log message *** --- Changes | 2 ++ README.FAQ | 41 +++++++++++++++++++++++++++++++++++++++++ doc/rxvt.7.html | 47 +++++++++++++++++++++++++++++++++++++++++++++++ doc/rxvt.7.man.in | 39 ++++++++++++++++++++++++++++++++++++++- doc/rxvt.7.pod | 39 +++++++++++++++++++++++++++++++++++++++ doc/rxvt.7.txt | 41 +++++++++++++++++++++++++++++++++++++++++ 6 files changed, 208 insertions(+), 1 deletion(-) diff --git a/Changes b/Changes index 81d12f9b..f87b7b79 100644 --- a/Changes +++ b/Changes @@ -9,6 +9,8 @@ WISH: OnTheSpot editing, or maybe switch to miiiiiiif WISH: just for fun, do shade and tint with XRender. WISH: support tex fonts + - added sections for DISTRIBUTION MAINTAINERS and about + SETUID/SETGID operation tot he FAQ. - selection, selection-popup and option-popup extensions enabled by default. - perl: much increased functionality, better overlays, popup support diff --git a/README.FAQ b/README.FAQ index 7f7c3e45..943de4d5 100644 --- a/README.FAQ +++ b/README.FAQ @@ -103,6 +103,47 @@ FREQUENTLY ASKED QUESTIONS also a bug in the Debian version and it serves as a reminder for other users that might encounter the same issue. + I am maintaining rxvt-unicode for distribution/OS XXX, any + recommendation? + You should build one binary with the default options. configure now + enables most useful options, and the trend goes to making them + runtime-switchable, too, so there is usually no drawback to enbaling + them, except higher disk and possibly memory usage. The perl + interpreter should be enabled, as important functionality (menus, + selection, likely more in the future) depends on it. + + You should not overwrite the "perl-ext-common" snd "perl-ext" + resources system-wide (except maybe with "defaults"). This will + result in useful behaviour. If your distribution aims at low memory, + add an empty "perl-ext-common" resource to the app-defaults file. + This will keep the perl interpreter disabled until the user enables + it. + + If you can/want build more binaries, I recommend building a minimal + one with "--disable-everything" (very useful) and a maximal one with + "--enable-everything" (less useful, it will be very big due to a lot + of encodings built-in that increase download times and are rarely + used). + + I need to make it setuid/setgid to support utmp/ptys on my OS, is this + safe? + Likely not. While I honestly try to make it secure, and am probably + not bad at it, I think it is simply unreasonable to expect all of + freetype + fontconfig + xft + xlib + ... + rxvt-unicode itself to + all be secure. Also, rxvt-unicode disables some options when it + detects that it runs setuid or setgid, which is not nice. + + Elevated privileges are only required for utmp and pty operations on + some systems (for example, GNU/Linux doesn't need any extra + privileges for ptys, but some need it for utmp support). If + rxvt-unicode doesn't support the library/setuid helper that your OS + needs I'll be happy to assist you in implementing support for it. + + So, while setuid/setgid operation is supported and not a problem on + your typical single-user-no-other-logins unix desktop, always + remember that its an awful lot of code, most of which isn't checked + for security issues regularly. + When I log-in to another system it tells me about missing terminfo data? The terminal description used by rxvt-unicode is not as widely available as that for xterm, or even rxvt (for which the same diff --git a/doc/rxvt.7.html b/doc/rxvt.7.html index ba44483f..e5771492 100644 --- a/doc/rxvt.7.html +++ b/doc/rxvt.7.html @@ -210,6 +210,53 @@ bug in the Debian version and it serves as a reminder for other users that might encounter the same issue.

+
I am maintaining rxvt-unicode for distribution/OS XXX, any recommendation?
+
+
+You should build one binary with the default options. configure +now enables most useful options, and the trend goes to making them +runtime-switchable, too, so there is usually no drawback to enbaling them, +except higher disk and possibly memory usage. The perl interpreter should +be enabled, as important functionality (menus, selection, likely more in +the future) depends on it. +
+
+

You should not overwrite the perl-ext-common snd perl-ext resources +system-wide (except maybe with defaults). This will result in useful +behaviour. If your distribution aims at low memory, add an empty +perl-ext-common resource to the app-defaults file. This will keep the +perl interpreter disabled until the user enables it.

+
+
+

If you can/want build more binaries, I recommend building a minimal +one with --disable-everything (very useful) and a maximal one with +--enable-everything (less useful, it will be very big due to a lot of +encodings built-in that increase download times and are rarely used).

+
+

+
I need to make it setuid/setgid to support utmp/ptys on my OS, is this safe?
+
+
+Likely not. While I honestly try to make it secure, and am probably +not bad at it, I think it is simply unreasonable to expect all of +freetype + fontconfig + xft + xlib + ... + rxvt-unicode itself to all be +secure. Also, rxvt-unicode disables some options when it detects that it +runs setuid or setgid, which is not nice. +
+
+

Elevated privileges are only required for utmp and pty operations on some +systems (for example, GNU/Linux doesn't need any extra privileges for +ptys, but some need it for utmp support). If rxvt-unicode doesn't support +the library/setuid helper that your OS needs I'll be happy to assist you +in implementing support for it.

+
+
+

So, while setuid/setgid operation is supported and not a problem on your +typical single-user-no-other-logins unix desktop, always remember that +its an awful lot of code, most of which isn't checked for security issues +regularly.

+
+

When I log-in to another system it tells me about missing terminfo data?
diff --git a/doc/rxvt.7.man.in b/doc/rxvt.7.man.in index 50668592..4afc5002 100644 --- a/doc/rxvt.7.man.in +++ b/doc/rxvt.7.man.in @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "rxvt 7" -.TH rxvt 7 "2006-01-07" "6.3" "RXVT-UNICODE" +.TH rxvt 7 "2006-01-09" "6.3" "RXVT-UNICODE" .SH "NAME" RXVT REFERENCE \- FAQ, command sequences and other background information .SH "SYNOPSIS" @@ -269,6 +269,43 @@ For other problems that also affect the Debian package, you can and probably should use the Debian \s-1BTS\s0, too, because, after all, it's also a bug in the Debian version and it serves as a reminder for other users that might encounter the same issue. +.IP "I am maintaining rxvt-unicode for distribution/OS \s-1XXX\s0, any recommendation?" 4 +.IX Item "I am maintaining rxvt-unicode for distribution/OS XXX, any recommendation?" +You should build one binary with the default options. \fIconfigure\fR +now enables most useful options, and the trend goes to making them +runtime\-switchable, too, so there is usually no drawback to enbaling them, +except higher disk and possibly memory usage. The perl interpreter should +be enabled, as important functionality (menus, selection, likely more in +the future) depends on it. +.Sp +You should not overwrite the \f(CW\*(C`perl\-ext\-common\*(C'\fR snd \f(CW\*(C`perl\-ext\*(C'\fR resources +system-wide (except maybe with \f(CW\*(C`defaults\*(C'\fR). This will result in useful +behaviour. If your distribution aims at low memory, add an empty +\&\f(CW\*(C`perl\-ext\-common\*(C'\fR resource to the app-defaults file. This will keep the +perl interpreter disabled until the user enables it. +.Sp +If you can/want build more binaries, I recommend building a minimal +one with \f(CW\*(C`\-\-disable\-everything\*(C'\fR (very useful) and a maximal one with +\&\f(CW\*(C`\-\-enable\-everything\*(C'\fR (less useful, it will be very big due to a lot of +encodings built-in that increase download times and are rarely used). +.IP "I need to make it setuid/setgid to support utmp/ptys on my \s-1OS\s0, is this safe?" 4 +.IX Item "I need to make it setuid/setgid to support utmp/ptys on my OS, is this safe?" +Likely not. While I honestly try to make it secure, and am probably +not bad at it, I think it is simply unreasonable to expect all of +freetype + fontconfig + xft + xlib + ... + rxvt-unicode itself to all be +secure. Also, rxvt-unicode disables some options when it detects that it +runs setuid or setgid, which is not nice. +.Sp +Elevated privileges are only required for utmp and pty operations on some +systems (for example, GNU/Linux doesn't need any extra privileges for +ptys, but some need it for utmp support). If rxvt-unicode doesn't support +the library/setuid helper that your \s-1OS\s0 needs I'll be happy to assist you +in implementing support for it. +.Sp +So, while setuid/setgid operation is supported and not a problem on your +typical single-user-no-other-logins unix desktop, always remember that +its an awful lot of code, most of which isn't checked for security issues +regularly. .IP "When I log-in to another system it tells me about missing terminfo data?" 4 .IX Item "When I log-in to another system it tells me about missing terminfo data?" The terminal description used by rxvt-unicode is not as widely available diff --git a/doc/rxvt.7.pod b/doc/rxvt.7.pod index 3dfeb4fc..5ccac016 100644 --- a/doc/rxvt.7.pod +++ b/doc/rxvt.7.pod @@ -134,6 +134,45 @@ probably should use the Debian BTS, too, because, after all, it's also a bug in the Debian version and it serves as a reminder for other users that might encounter the same issue. +=item I am maintaining rxvt-unicode for distribution/OS XXX, any recommendation? + +You should build one binary with the default options. F +now enables most useful options, and the trend goes to making them +runtime-switchable, too, so there is usually no drawback to enbaling them, +except higher disk and possibly memory usage. The perl interpreter should +be enabled, as important functionality (menus, selection, likely more in +the future) depends on it. + +You should not overwrite the C snd C resources +system-wide (except maybe with C). This will result in useful +behaviour. If your distribution aims at low memory, add an empty +C resource to the app-defaults file. This will keep the +perl interpreter disabled until the user enables it. + +If you can/want build more binaries, I recommend building a minimal +one with C<--disable-everything> (very useful) and a maximal one with +C<--enable-everything> (less useful, it will be very big due to a lot of +encodings built-in that increase download times and are rarely used). + +=item I need to make it setuid/setgid to support utmp/ptys on my OS, is this safe? + +Likely not. While I honestly try to make it secure, and am probably +not bad at it, I think it is simply unreasonable to expect all of +freetype + fontconfig + xft + xlib + ... + rxvt-unicode itself to all be +secure. Also, rxvt-unicode disables some options when it detects that it +runs setuid or setgid, which is not nice. + +Elevated privileges are only required for utmp and pty operations on some +systems (for example, GNU/Linux doesn't need any extra privileges for +ptys, but some need it for utmp support). If rxvt-unicode doesn't support +the library/setuid helper that your OS needs I'll be happy to assist you +in implementing support for it. + +So, while setuid/setgid operation is supported and not a problem on your +typical single-user-no-other-logins unix desktop, always remember that +its an awful lot of code, most of which isn't checked for security issues +regularly. + =item When I log-in to another system it tells me about missing terminfo data? The terminal description used by rxvt-unicode is not as widely available diff --git a/doc/rxvt.7.txt b/doc/rxvt.7.txt index e43b3368..9ac3292a 100644 --- a/doc/rxvt.7.txt +++ b/doc/rxvt.7.txt @@ -124,6 +124,47 @@ FREQUENTLY ASKED QUESTIONS also a bug in the Debian version and it serves as a reminder for other users that might encounter the same issue. + I am maintaining rxvt-unicode for distribution/OS XXX, any + recommendation? + You should build one binary with the default options. configure now + enables most useful options, and the trend goes to making them + runtime-switchable, too, so there is usually no drawback to enbaling + them, except higher disk and possibly memory usage. The perl + interpreter should be enabled, as important functionality (menus, + selection, likely more in the future) depends on it. + + You should not overwrite the "perl-ext-common" snd "perl-ext" + resources system-wide (except maybe with "defaults"). This will + result in useful behaviour. If your distribution aims at low memory, + add an empty "perl-ext-common" resource to the app-defaults file. + This will keep the perl interpreter disabled until the user enables + it. + + If you can/want build more binaries, I recommend building a minimal + one with "--disable-everything" (very useful) and a maximal one with + "--enable-everything" (less useful, it will be very big due to a lot + of encodings built-in that increase download times and are rarely + used). + + I need to make it setuid/setgid to support utmp/ptys on my OS, is this + safe? + Likely not. While I honestly try to make it secure, and am probably + not bad at it, I think it is simply unreasonable to expect all of + freetype + fontconfig + xft + xlib + ... + rxvt-unicode itself to + all be secure. Also, rxvt-unicode disables some options when it + detects that it runs setuid or setgid, which is not nice. + + Elevated privileges are only required for utmp and pty operations on + some systems (for example, GNU/Linux doesn't need any extra + privileges for ptys, but some need it for utmp support). If + rxvt-unicode doesn't support the library/setuid helper that your OS + needs I'll be happy to assist you in implementing support for it. + + So, while setuid/setgid operation is supported and not a problem on + your typical single-user-no-other-logins unix desktop, always + remember that its an awful lot of code, most of which isn't checked + for security issues regularly. + When I log-in to another system it tells me about missing terminfo data? The terminal description used by rxvt-unicode is not as widely available as that for xterm, or even rxvt (for which the same -- 2.34.1