| 1 |
On Mon, 31 Dec 2012 11:29:12 +0200 |
| 2 |
Alan McKinnon <alan.mckinnon@×××××.com> wrote: |
| 3 |
|
| 4 |
> On Mon, 31 Dec 2012 16:53:47 +0800 |
| 5 |
> kwkhui@××××.net wrote: |
| 6 |
> |
| 7 |
> > On Mon, 31 Dec 2012 10:03:40 +0200 |
| 8 |
> > Alan McKinnon <alan.mckinnon@×××××.com> wrote: |
| 9 |
> > |
| 10 |
> > > It's not in the profile, the xorg-server ebuild sets USE="suid" on |
| 11 |
> > > by default. |
| 12 |
> > > |
| 13 |
> > > Most likely is that Walter has USE="-suid" in his make.conf and |
| 14 |
> > > sets it back on for things he's checked out personally. Meaning |
| 15 |
> > > that in this case one slipped through. |
| 16 |
> > |
| 17 |
> > I suspect it is a USE="-* (blah)" rather than an explicit |
| 18 |
> > USE="-suid" in the make.conf file. |
| 19 |
> > |
| 20 |
> > One question though --- should the xorg-server ebuild be such that |
| 21 |
> > IUSE="(blah) +suid" when using a hardened-profile? |
| 22 |
> |
| 23 |
> That already has a de-facto answer; USE="suid" must be on by default |
| 24 |
> as without it users cannot run a desktop (xorg-server does not yet run |
| 25 |
> without root permissions) |
| 26 |
|
| 27 |
But(!) if one uses a login manager, xorg server would only be ever be |
| 28 |
run by root, right? Hence the use flag rather than a must like, e.g., |
| 29 |
sys-apps/shadow (and the question whether the dangerous suid should be |
| 30 |
set in desktop profiles instead of default on even for hardened). |
| 31 |
|
| 32 |
Kerwin. |
Archives