-- Leo's gemini proxy
-- Connecting to git.thebackupbox.net:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini
repo: rxvt-unicode-sixel action: commit revision: path_from: revision_from: 1ea88e0500e2bcaaf9794c2b828c6f6e5215dc45: path_to: revision_to:
commit 1ea88e0500e2bcaaf9794c2b828c6f6e5215dc45
Author: Marc Lehmann <schmorp@schmorp.de>
Date: Wed Jan 11 19:55:34 2006 +0000
*** empty log message ***
diff --git a/Changes b/Changes
--- a/Changes +++ b/Changes @@ -1,5 +1,6 @@ rxvt-unicode changelog <= google-friendly title +TODO: move pty/tty handling into a fork'ed server and drop all privs TODO: harmonize --disable-options into position-dependent options. TODO: after requesting the selection and getting a timeout, no further requests will be sent. TODO: "slow" rendering mode for bidi and scripts diff --git a/README.FAQ b/README.FAQ
--- a/README.FAQ
+++ b/README.FAQ
@@ -129,15 +129,17 @@ FREQUENTLY ASKED QUESTIONS
safe?
Likely not. While I honestly try to make it secure, and am probably
not bad at it, I think it is simply unreasonable to expect all of
- freetype + fontconfig + xft + xlib + ... + rxvt-unicode itself to
- all be secure. Also, rxvt-unicode disables some options when it
- detects that it runs setuid or setgid, which is not nice.
+ freetype + fontconfig + xft + xlib + perl + ... + rxvt-unicode
+ itself to all be secure. Also, rxvt-unicode disables some options
+ when it detects that it runs setuid or setgid, which is not nice.
+ Besides, with the embedded perl interpreter the possibility for
+ security problems easily multiplies.
Elevated privileges are only required for utmp and pty operations on
some systems (for example, GNU/Linux doesn't need any extra
- privileges for ptys, but some need it for utmp support). If
- rxvt-unicode doesn't support the library/setuid helper that your OS
- needs I'll be happy to assist you in implementing support for it.
+ privileges for ptys, but some need it for utmp support). It is
+ planned to mvoe this into a forked handler process, but this is not
+ yet done.
So, while setuid/setgid operation is supported and not a problem on
your typical single-user-no-other-logins unix desktop, always
diff --git a/autoconf/config.h.in b/autoconf/config.h.in
--- a/autoconf/config.h.in +++ b/autoconf/config.h.in @@ -73,9 +73,6 @@ /* Define if you have the on_exit function. */ #undef HAVE_ON_EXIT -/* Define if you have the openpty function. */ -#undef HAVE_OPENPTY - /* Define if you have the revoke function. */ #undef HAVE_REVOKE @@ -328,9 +325,6 @@ /* Define if your XIMCallback specifies XIC as first type. */ #undef XIMCB_PROTO_BROKEN -/* Define if you have _GNU_SOURCE getpt() */ -#undef HAVE_GETPT - /* Define for this pty type */ #undef PTYS_ARE_OPENPTY diff --git a/autoconf/configure.in b/autoconf/configure.in
--- a/autoconf/configure.in
+++ b/autoconf/configure.in
@@ -741,7 +741,6 @@ AC_CHECK_FUNCS( \
setsid \
setpgrp \
setpgid \
- openpty \
_getpty \
grantpt \
unlockpt \
@@ -752,7 +751,6 @@ AC_CHECK_FUNCS( \
updwtmpx \
ttyslot \
)
-dnl# Note: On NetBSD, openpty() exists in libutil. Don't pull it in
dnl# --------------------------------------------------------------------------
dnl# DO ALL UTMP AND WTMP CHECKING
@@ -1187,13 +1185,13 @@ AC_CACHE_CHECK(for getpt, rxvt_cv_func_getpt,
#ifdef HAVE_STDLIB_H
# include <cstdlib>
#endif]], [[(void)getpt();]])],[rxvt_cv_func_getpt=yes],[rxvt_cv_func_getpt=no])])
-if test x$rxvt_cv_func_getpt = xyes; then
- AC_DEFINE(HAVE_GETPT, 1, Define if you have _GNU_SOURCE getpt() )
+if test x$rxvt_cv_func_getpt = xno; then
+ AC_CHECK_FUNC(openpty, [], [AC_CHECK_LIB(util, openpty, [LIBS="$LIBS -lutil"])])
fi
dnl# if we don't guess right then it's up to the user
AC_CACHE_CHECK(for pty/tty type, rxvt_cv_ptys,
-[if test x$ac_cv_func_openpty = xyes; then
+[if test x$ac_cv_func_openpty = xyes -o x$ac_cv_lib_util_openpty = xyes; then
rxvt_cv_ptys=OPENPTY
else if test x$ac_cv_func__getpty = xyes; then
rxvt_cv_ptys=SGI4
@@ -1424,7 +1422,7 @@ AC_SUBST(PERL)
AC_SUBST(IF_PERL)
AC_SUBST(PERL_O)
-if text x$support_perl = xyes; then
+if test x$support_perl = xyes; then
support_frills=yes
fi
diff --git a/configure b/configure
--- a/configure
+++ b/configure
@@ -10185,7 +10185,6 @@ esac
-
for ac_func in \
atexit \
revoke \
@@ -10196,7 +10195,6 @@ for ac_func in \
setsid \
setpgrp \
setpgid \
- openpty \
_getpty \
grantpt \
unlockpt \
@@ -12044,11 +12042,167 @@ rm -f conftest.err conftest.$ac_objext \
fi
echo "$as_me:$LINENO: result: $rxvt_cv_func_getpt" >&5
echo "${ECHO_T}$rxvt_cv_func_getpt" >&6
-if test x$rxvt_cv_func_getpt = xyes; then
+if test x$rxvt_cv_func_getpt = xno; then
+ echo "$as_me:$LINENO: checking for openpty" >&5
+echo $ECHO_N "checking for openpty... $ECHO_C" >&6
+if test "${ac_cv_func_openpty+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define openpty to an innocuous variant, in case <limits.h> declares openpty.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define openpty innocuous_openpty
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_GETPT 1
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char openpty (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef openpty
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char openpty ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_openpty) || defined (__stub___openpty)
+choke me
+#else
+char (*f) () = openpty;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != openpty;
+ ;
+ return 0;
+}
_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_cxx_werror_flag" || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_openpty=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func_openpty=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_openpty" >&5
+echo "${ECHO_T}$ac_cv_func_openpty" >&6
+if test $ac_cv_func_openpty = yes; then
+ :
+else
+ echo "$as_me:$LINENO: checking for openpty in -lutil" >&5
+echo $ECHO_N "checking for openpty in -lutil... $ECHO_C" >&6
+if test "${ac_cv_lib_util_openpty+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lutil $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char openpty ();
+int
+main ()
+{
+openpty ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_cxx_werror_flag" || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_util_openpty=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_util_openpty=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_util_openpty" >&5
+echo "${ECHO_T}$ac_cv_lib_util_openpty" >&6
+if test $ac_cv_lib_util_openpty = yes; then
+ LIBS="$LIBS -lutil"
+fi
+
+fi
fi
@@ -12057,7 +12211,7 @@ echo $ECHO_N "checking for pty/tty type... $ECHO_C" >&6
if test "${rxvt_cv_ptys+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
- if test x$ac_cv_func_openpty = xyes; then
+ if test x$ac_cv_func_openpty = xyes -o x$ac_cv_lib_util_openpty = xyes; then
rxvt_cv_ptys=OPENPTY
else if test x$ac_cv_func__getpty = xyes; then
rxvt_cv_ptys=SGI4
@@ -12821,7 +12975,7 @@ fi
-if text x$support_perl = xyes; then
+if test x$support_perl = xyes; then
support_frills=yes
fi
diff --git a/doc/rxvt.7.html b/doc/rxvt.7.html
--- a/doc/rxvt.7.html +++ b/doc/rxvt.7.html @@ -237,18 +237,18 @@ encodings built-in that increase download times and are rarely used).</p> <dt><strong><a name="item_i_need_to_make_it_setuid_2fsetgid_to_support_utmp_">I need to make it setuid/setgid to support utmp/ptys on my OS, is this safe?</a></strong><br /> </dt> <dd> -Likely not. While I honestly try to make it secure, and am probably -not bad at it, I think it is simply unreasonable to expect all of -freetype + fontconfig + xft + xlib + ... + rxvt-unicode itself to all be +Likely not. While I honestly try to make it secure, and am probably not +bad at it, I think it is simply unreasonable to expect all of freetype ++ fontconfig + xft + xlib + perl + ... + rxvt-unicode itself to all be secure. Also, rxvt-unicode disables some options when it detects that it -runs setuid or setgid, which is not nice. +runs setuid or setgid, which is not nice. Besides, with the embedded perl +interpreter the possibility for security problems easily multiplies. </dd> <dd> <p>Elevated privileges are only required for utmp and pty operations on some systems (for example, GNU/Linux doesn't need any extra privileges for -ptys, but some need it for utmp support). If rxvt-unicode doesn't support -the library/setuid helper that your OS needs I'll be happy to assist you -in implementing support for it.</p> +ptys, but some need it for utmp support). It is planned to mvoe this into +a forked handler process, but this is not yet done.</p> </dd> <dd> <p>So, while setuid/setgid operation is supported and not a problem on your diff --git a/doc/rxvt.7.man.in b/doc/rxvt.7.man.in
--- a/doc/rxvt.7.man.in +++ b/doc/rxvt.7.man.in @@ -290,17 +290,17 @@ one with \f(CW\*(C`\-\-disable\-everything\*(C'\fR (very useful) and a maximal o encodings built-in that increase download times and are rarely used). .IP "I need to make it setuid/setgid to support utmp/ptys on my \s-1OS\s0, is this safe?" 4 .IX Item "I need to make it setuid/setgid to support utmp/ptys on my OS, is this safe?" -Likely not. While I honestly try to make it secure, and am probably -not bad at it, I think it is simply unreasonable to expect all of -freetype + fontconfig + xft + xlib + ... + rxvt-unicode itself to all be +Likely not. While I honestly try to make it secure, and am probably not +bad at it, I think it is simply unreasonable to expect all of freetype ++ fontconfig + xft + xlib + perl + ... + rxvt-unicode itself to all be secure. Also, rxvt-unicode disables some options when it detects that it -runs setuid or setgid, which is not nice. +runs setuid or setgid, which is not nice. Besides, with the embedded perl +interpreter the possibility for security problems easily multiplies. .Sp Elevated privileges are only required for utmp and pty operations on some systems (for example, GNU/Linux doesn't need any extra privileges for -ptys, but some need it for utmp support). If rxvt-unicode doesn't support -the library/setuid helper that your \s-1OS\s0 needs I'll be happy to assist you -in implementing support for it. +ptys, but some need it for utmp support). It is planned to mvoe this into +a forked handler process, but this is not yet done. .Sp So, while setuid/setgid operation is supported and not a problem on your typical single-user-no-other-logins unix desktop, always remember that diff --git a/doc/rxvt.7.pod b/doc/rxvt.7.pod
--- a/doc/rxvt.7.pod +++ b/doc/rxvt.7.pod @@ -156,17 +156,17 @@ encodings built-in that increase download times and are rarely used). =item I need to make it setuid/setgid to support utmp/ptys on my OS, is this safe? -Likely not. While I honestly try to make it secure, and am probably -not bad at it, I think it is simply unreasonable to expect all of -freetype + fontconfig + xft + xlib + ... + rxvt-unicode itself to all be +Likely not. While I honestly try to make it secure, and am probably not +bad at it, I think it is simply unreasonable to expect all of freetype ++ fontconfig + xft + xlib + perl + ... + rxvt-unicode itself to all be secure. Also, rxvt-unicode disables some options when it detects that it -runs setuid or setgid, which is not nice. +runs setuid or setgid, which is not nice. Besides, with the embedded perl +interpreter the possibility for security problems easily multiplies. Elevated privileges are only required for utmp and pty operations on some systems (for example, GNU/Linux doesn't need any extra privileges for -ptys, but some need it for utmp support). If rxvt-unicode doesn't support -the library/setuid helper that your OS needs I'll be happy to assist you -in implementing support for it. +ptys, but some need it for utmp support). It is planned to mvoe this into +a forked handler process, but this is not yet done. So, while setuid/setgid operation is supported and not a problem on your typical single-user-no-other-logins unix desktop, always remember that diff --git a/doc/rxvt.7.txt b/doc/rxvt.7.txt
--- a/doc/rxvt.7.txt
+++ b/doc/rxvt.7.txt
@@ -150,15 +150,17 @@ FREQUENTLY ASKED QUESTIONS
safe?
Likely not. While I honestly try to make it secure, and am probably
not bad at it, I think it is simply unreasonable to expect all of
- freetype + fontconfig + xft + xlib + ... + rxvt-unicode itself to
- all be secure. Also, rxvt-unicode disables some options when it
- detects that it runs setuid or setgid, which is not nice.
+ freetype + fontconfig + xft + xlib + perl + ... + rxvt-unicode
+ itself to all be secure. Also, rxvt-unicode disables some options
+ when it detects that it runs setuid or setgid, which is not nice.
+ Besides, with the embedded perl interpreter the possibility for
+ security problems easily multiplies.
Elevated privileges are only required for utmp and pty operations on
some systems (for example, GNU/Linux doesn't need any extra
- privileges for ptys, but some need it for utmp support). If
- rxvt-unicode doesn't support the library/setuid helper that your OS
- needs I'll be happy to assist you in implementing support for it.
+ privileges for ptys, but some need it for utmp support). It is
+ planned to mvoe this into a forked handler process, but this is not
+ yet done.
So, while setuid/setgid operation is supported and not a problem on
your typical single-user-no-other-logins unix desktop, always
diff --git a/src/main.C b/src/main.C
--- a/src/main.C
+++ b/src/main.C
@@ -705,24 +705,24 @@ rxvt_privileges (rxvt_privaction action)
* change effective uid/gid - not real uid/gid - so we can switch
* back to root later, as required
*/
- seteuid (getuid ());
setegid (getgid ());
+ seteuid (getuid ());
break;
case SAVE:
- saved_euid = geteuid ();
saved_egid = getegid ();
+ saved_euid = geteuid ();
break;
case RESTORE:
- seteuid (saved_euid);
setegid (saved_egid);
+ seteuid (saved_euid);
break;
}
# else
switch (action)
{
case IGNORE:
- setuid (getuid ());
setgid (getgid ());
+ setuid (getuid ());
/* FALLTHROUGH */
case SAVE:
/* FALLTHROUGH */
diff --git a/src/version.h b/src/version.h
--- a/src/version.h +++ b/src/version.h @@ -1,3 +1,3 @@ // VERSION _must_ be \d.\d+ -#define VERSION "6.3" +#define VERSION "7.0" #define DATE "2006-01-04"
-----END OF PAGE-----
-- Response ended
-- Page fetched on Sun Jun 2 11:38:07 2024