Bug#537867: marked as done (Please avoid setgid utmp)
Your message dated Fri, 04 Sep 2009 16:49:00 +0000
with message-id <E1Mjby8-000642-W7@ries.debian.org>
and subject line Bug#537867: fixed in xterm 247-1
has caused the Debian Bug report #537867,
regarding Please avoid setgid utmp
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
537867: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537867
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: Please avoid setgid utmp
- From: Loïc Minier <lool@dooz.org>
- Date: Tue, 21 Jul 2009 14:59:52 +0200
- Message-id: <20090721125952.GA13089@bee.dooz.org>
Package: xterm
Version: 243-1
Severity: wishlist
Hi
xterm is currently sgid utmp; I would prefer it wouldn't be. The xterm
FAQ says:
  Why does $LD_LIBRARY_PATH get reset?

  If xterm is running setuid (which is needed on some systems which have
  no wrappers for opening pty's and updating utmp), newer systems
  automatically set or reset environment variables which are considered
  security problems. These include $PATH and $LD_LIBRARY_PATH, since they
  affect the choice of which programs are run if not specified via a full
  pathname.
  ...
  Modern Unix systems (such as recent Solaris and HPUX versions) do not
  require you to run xterm setuid. Some will result in odd malfunctions
  if you do this.

In my case HOSTALIASES and LD_LIBRARY_PATH get reset when running
programs which is inconvenient for key bindings launching apps in xterm
as I need to start a shell each time to set these vars.
I don't know whether it's possible to drop this bit in Debian yet, but
I wish we do.
Thanks
--
Loïc Minier
--- End Message ---
--- Begin Message ---
Source: xterm
Source-Version: 247-1
We believe that the bug you reported is fixed in the latest version of
xterm, which is due to be installed in the Debian FTP archive:
xterm_247-1.diff.gz
to pool/main/x/xterm/xterm_247-1.diff.gz
xterm_247-1.dsc
to pool/main/x/xterm/xterm_247-1.dsc
xterm_247-1_amd64.deb
to pool/main/x/xterm/xterm_247-1_amd64.deb
xterm_247.orig.tar.gz
to pool/main/x/xterm/xterm_247.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 537867@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Julien Cristau <jcristau@debian.org> (supplier of updated xterm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 04 Sep 2009 16:24:35 +0200
Source: xterm
Binary: xterm
Architecture: source amd64
Version: 247-1
Distribution: unstable
Urgency: low
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Julien Cristau <jcristau@debian.org>
Description:
xterm - X terminal emulator
Closes: 537867
Changes:
 xterm (247-1) unstable; urgency=low
 .
   * New upstream release.
   * Bump Standards-Version to 3.8.3.
   * Remove David Martínez Moreno from Uploaders as he hasn't been active on
     this package lately.
   * Kill remaining subversion $Id$ tags from debian packaging files.
   * Use libutempter, remove setgid bit from the xterm binary (closes: #537867).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkqhKJYACgkQmEvTgKxfcAx5VQCgz5YSdFMa/dYIb7460JXXDZfJ
xx0Anis6IsEvT9EkJbB2bZra+JpXI0On
=ei7D
-----END PGP SIGNATURE-----
--- End Message ---