On Mon, 31 Dec 2012 11:29:12 +0200
Alan McKinnon <alan.mckinnon@×××××.com> wrote:

> On Mon, 31 Dec 2012 16:53:47 +0800
> kwkhui@××××.net wrote:
>
> > On Mon, 31 Dec 2012 10:03:40 +0200
> > Alan McKinnon <alan.mckinnon@×××××.com> wrote:
> >
> > > It's not in the profile, the xorg-server ebuild sets USE="suid" on
> > > by default.
> > >
> > > Most likely is that Walter has USE="-suid" in his make.conf and
> > > sets it back on for things he's checked out personally. Meaning
> > > that in this case one slipped through.
> >
> > I suspect it is a USE="-* (blah)" rather than an explicit
> > USE="-suid" in the make.conf file.
> >
> > One question though --- should the xorg-server ebuild be such that
> > IUSE="(blah) +suid" when using a hardened-profile?
>
> That already has a de-facto answer; USE="suid" must be on by default
> as without it users cannot run a desktop (xorg-server does not yet run
> without root permissions)

But(!) if one uses a login manager, xorg server would only ever be
run by root, right? Hence the use flag rather than a must like, e.g.,
sys-apps/shadow (and the question whether the dangerous suid should be
set in desktop profiles instead of default on even for hardened).

Kerwin.