Bug#537867: marked as done (Please avoid setgid utmp)

To: Julien Cristau <jcristau@debian.org>
Subject: Bug#537867: marked as done (Please avoid setgid utmp)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Fri, 04 Sep 2009 17:00:32 +0000
Message-id: <[🔎] handler.537867.D537867.12520832836184.ackdone@bugs.debian.org>
References: <E1Mjby8-000642-W7@ries.debian.org> <20090721125952.GA13089@bee.dooz.org>

Your message dated Fri, 04 Sep 2009 16:49:00 +0000
with message-id <E1Mjby8-000642-W7@ries.debian.org>
and subject line Bug#537867: fixed in xterm 247-1
has caused the Debian Bug report #537867,
regarding Please avoid setgid utmp
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
537867: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537867
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Please avoid setgid utmp
From: Loïc Minier <lool@dooz.org>
Date: Tue, 21 Jul 2009 14:59:52 +0200
Message-id: <20090721125952.GA13089@bee.dooz.org>

Package: xterm
Version: 243-1
Severity: wishlist

        Hi

 xterm is currently sgid utmp; I would prefer it wouldn't be.  The xterm
 FAQ says:

Why does $LD_LIBRARY_PATH get reset?

   If xterm is running setuid (which is needed on some systems which have
   no wrappers for opening pty's and updating utmp), newer systems
   automatically set or reset environment variables which are considered
   security problems. These include $PATH and $LD_LIBRARY_PATH, since they
   affect the choice of which programs are run if not specified via a full
   pathname.
...
   Modern Unix systems (such as recent Solaris and HPUX versions) do not
   require you to run xterm setuid. Some will result in odd malfunctions
   if you do this.

 In my case HOSTALIASES and LD_LIBRARY_PATH get reset when running
 programs which is inconvenient for key bindings launching apps in xterm
 as I need to start a shell each time to set these vars.

 I don't know whether it's possible to drop this bit in Debian yet, but
 I wish we do.

   Thanks
-- 
Loïc Minier

--- End Message ---

--- Begin Message ---

To: 537867-close@bugs.debian.org
Subject: Bug#537867: fixed in xterm 247-1
From: Julien Cristau <jcristau@debian.org>
Date: Fri, 04 Sep 2009 16:49:00 +0000
Message-id: <E1Mjby8-000642-W7@ries.debian.org>

Source: xterm
Source-Version: 247-1

We believe that the bug you reported is fixed in the latest version of
xterm, which is due to be installed in the Debian FTP archive:

xterm_247-1.diff.gz
  to pool/main/x/xterm/xterm_247-1.diff.gz
xterm_247-1.dsc
  to pool/main/x/xterm/xterm_247-1.dsc
xterm_247-1_amd64.deb
  to pool/main/x/xterm/xterm_247-1_amd64.deb
xterm_247.orig.tar.gz
  to pool/main/x/xterm/xterm_247.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 537867@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Cristau <jcristau@debian.org> (supplier of updated xterm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 04 Sep 2009 16:24:35 +0200
Source: xterm
Binary: xterm
Architecture: source amd64
Version: 247-1
Distribution: unstable
Urgency: low
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Julien Cristau <jcristau@debian.org>
Description: 
 xterm      - X terminal emulator
Closes: 537867
Changes: 
 xterm (247-1) unstable; urgency=low
 .
   * New upstream release.
   * Bump Standards-Version to 3.8.3.
   * Remove David Martínez Moreno from Uploaders as he hasn't been active on
     this package lately.
   * Kill remaining subversion $Id$ tags from debian packaging files.
   * Use libutempter, remove setgid bit from the xterm binary (closes: #537867).
Checksums-Sha1: 
 9698e05a2203ddd296152e4c0da4ba53b68d220b 1313 xterm_247-1.dsc
 71c2110c60480aa3322938950eea1ae5b3eb1bf3 883562 xterm_247.orig.tar.gz
 6b1c4b67b00724d7b9a408120ff04fd6fbbd7f15 74187 xterm_247-1.diff.gz
 11d3f793e229de9627b62de0a1249093451409ec 512976 xterm_247-1_amd64.deb
Checksums-Sha256: 
 da02b5e4da0fef5f773ddb33e6b0685b19c0ac68317a99053512809e467cbcd2 1313 xterm_247-1.dsc
 7e43b61011acfcdd09d9f1ce2940b4a8259212593e135b17d3056e903f97c106 883562 xterm_247.orig.tar.gz
 dfa53691d60d859d1e667c8c368529d8381e063a3692a25bb4ca6895f81c47cd 74187 xterm_247-1.diff.gz
 7f7a941bfd4a06e6e4d579f5caeb39c3bfbe3351babe320beb49c8421af49b97 512976 xterm_247-1_amd64.deb
Files: 
 376b9151fa3609f1007415e42b2ae47e 1313 x11 optional xterm_247-1.dsc
 ef73f7f1eb8c863c51f2bfac1f55efd1 883562 x11 optional xterm_247.orig.tar.gz
 1d207f41c000d625cddd5bf4000d45ad 74187 x11 optional xterm_247-1.diff.gz
 11eb993a7a96120edcb6ecfca344e62d 512976 x11 optional xterm_247-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqhKJYACgkQmEvTgKxfcAx5VQCgz5YSdFMa/dYIb7460JXXDZfJ
xx0Anis6IsEvT9EkJbB2bZra+JpXI0On
=ei7D
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: xterm_247-1_amd64.changes ACCEPTED
Next by Date: Bug#540191: Probably sync-to-vblank related
Previous by thread: xterm_247-1_amd64.changes ACCEPTED
Next by thread: Bug#538077: marked as done (installation-reports: Netinstall 5.0.2: empty xorg.conf and wrong keymap)
Index(es):
- Date
- Thread