Bug#537867: Please avoid setgid utmp

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#537867: Please avoid setgid utmp
From: Loïc Minier <lool@dooz.org>
Date: Tue, 21 Jul 2009 14:59:52 +0200
Message-id: <[🔎] 20090721125952.GA13089@bee.dooz.org>
Reply-to: Loïc Minier <lool@dooz.org>, 537867@bugs.debian.org

Package: xterm
Version: 243-1
Severity: wishlist

        Hi

 xterm is currently sgid utmp; I would prefer it wouldn't be.  The xterm
 FAQ says:

Why does $LD_LIBRARY_PATH get reset?

   If xterm is running setuid (which is needed on some systems which have
   no wrappers for opening pty's and updating utmp), newer systems
   automatically set or reset environment variables which are considered
   security problems. These include $PATH and $LD_LIBRARY_PATH, since they
   affect the choice of which programs are run if not specified via a full
   pathname.
...
   Modern Unix systems (such as recent Solaris and HPUX versions) do not
   require you to run xterm setuid. Some will result in odd malfunctions
   if you do this.

 In my case HOSTALIASES and LD_LIBRARY_PATH get reset when running
 programs which is inconvenient for key bindings launching apps in xterm
 as I need to start a shell each time to set these vars.

 I don't know whether it's possible to drop this bit in Debian yet, but
 I wish we do.

   Thanks
-- 
Loïc Minier

Reply to:

Prev by Date: Processed: reassign 537730 to xserver-xorg-core, severity of 537730 is wishlist, tagging 537730
Next by Date: libdrm: Changes to 'upstream-unstable'
Previous by thread: Processed: reassign 537730 to xserver-xorg-core, severity of 537730 is wishlist, tagging 537730
Next by thread: libdrm: Changes to 'upstream-unstable'
Index(es):
- Date
- Thread