From: Dale
Date: Mon, 31 Dec 2012 06:38:07 -0600
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: Heads up if you start X with startx; xorg-server suid flag
Message-ID: <50E1872F.7030200@gmail.com>
In-Reply-To: <20121231165347.063414d3@gentoo-main.kwkh-home>

kwkhui@hkbn.net wrote:
> On Mon, 31 Dec 2012 10:03:40 +0200
> Alan McKinnon <alan.mckinnon@gmail.com> wrote:
>
>> It's not in the profile, the xorg-server ebuild sets USE="suid" on by
>> default.
>>
>> Most likely is that Walter has USE="-suid" in his make.conf and sets
>> it back on for things he's checked out personally. Meaning that in
>> this case one slipped through.
>
> I suspect it is a USE="-* (blah)" rather than an explicit USE="-suid"
> in the make.conf file.
>
> One question though --- should the xorg-server ebuild be such that
> IUSE="(blah) +suid" when using a hardened-profile? Also, checking
> my PORTDIR, given the global description in use.desc (suid - Enable
> setuid root program, with potential security risks), shouldn't the suid
> use flag entries (net-analyzer/nagios-plugins:suid and
> net-wireless/kismet:suid) be deleted from use.local.desc?
>
> Kerwin.



I think you are right. I seem to recall that Walter is one of the few that does USE="-* blah" in make.conf. Seems he may have asked for this one.

Dale

:-)  :-)

--
I am only responsible for what I said ... Not for what you understood or how you interpreted my words!
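
The two make.conf styles discussed in this message, as an added example that is not part of the original post and is not Portage's own code: a simplified Python model of how USE layers stack (ebuild IUSE defaults first, then make.conf, then package.use). The IUSE string and flag lists are constructed for illustration and are not the real xorg-server IUSE.

```python
# Simplified model of incremental USE stacking (illustration only, not Portage code).
# Layers are applied lowest priority first; later tokens override earlier ones.

CONSTRUCTED_IUSE = "ipv6 +suid udev"   # constructed sample; '+' marks a default-on flag


def apply_tokens(enabled, tokens):
    """Apply one layer of USE tokens to the set of enabled flags."""
    enabled = set(enabled)
    for tok in tokens.split():
        if tok == "-*":
            enabled.clear()            # wipes everything so far, IUSE defaults included
        elif tok.startswith("-"):
            enabled.discard(tok[1:])
        else:
            enabled.add(tok)
    return enabled


def effective_use(iuse, make_conf_use="", package_use=""):
    """Return the sorted list of flags that end up enabled for one package.

    iuse          -- the ebuild's IUSE string
    make_conf_use -- the global USE="..." value from make.conf
    package_use   -- per-package flags (package.use), applied after make.conf
    """
    declared = {f.lstrip("+-") for f in iuse.split()}
    defaults = " ".join(f[1:] for f in iuse.split() if f.startswith("+"))
    enabled = set()
    for layer in (defaults, make_conf_use, package_use):
        enabled = apply_tokens(enabled, layer)
    return sorted(enabled & declared)  # flags the package does not declare are ignored


if __name__ == "__main__":
    cases = {
        "no overrides": ("", ""),
        'USE="-suid"': ("-suid", ""),
        'USE="-suid" + package.use suid': ("-suid", "suid"),
        'USE="-* ipv6 udev"': ("-* ipv6 udev", ""),
        'USE="-* ipv6 udev" + package.use suid': ("-* ipv6 udev", "suid"),
    }
    for label, (conf, pkg) in cases.items():
        print(f"{label:40} -> {effective_use(CONSTRUCTED_IUSE, conf, pkg)}")
```

Both `USE="-suid"` and `USE="-* ..."` leave `suid` off unless it is re-enabled per package; the difference is that `-*` also drops every other default the ebuild sets, so any new `+flag` default is lost without an explicit opt-in.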
