On Mon, 31 Dec 2012 11:29:12 +0200 Alan McKinnon <alan.mckin...@gmail.com> wrote:
> On Mon, 31 Dec 2012 16:53:47 +0800
> kwk...@hkbn.net wrote:
>
> > On Mon, 31 Dec 2012 10:03:40 +0200
> > Alan McKinnon <alan.mckin...@gmail.com> wrote:
> >
> > > It's not in the profile, the xorg-server ebuild sets USE="suid" on
> > > by default.
> > >
> > > Most likely is that Walter has USE="-suid" in his make.conf and
> > > sets it back on for things he's checked out personally. Meaning
> > > that in this case one slipped through.
> >
> > I suspect it is a USE="-* (blah)" rather than an explicit
> > USE="-suid" in the make.conf file.
> >
> > One question though --- should the xorg-server ebuild be such that
> > IUSE="(blah) +suid" when using a hardened-profile?
>
> That already has a de-facto answer; USE="suid" must be on by default
> as without it users cannot run a desktop (xorg-server does not yet run
> without root permissions)

But(!) if one uses a login manager, xorg server would only ever be run by root, right? Hence the use flag rather than a must like, e.g., sys-apps/shadow (and the question whether the dangerous suid should be set in desktop profiles instead of default on even for hardened).

Kerwin.