Hi,

I'd like to ask some questions about terminal emulators and utmp.

The /var/run/utmp file stores information about who is currently using the system. The file is writable only by group utmp, so there has to be a mechanism that allows terminal emulators to add entries to the file.

A library called libutempter (used by xterm and konsole) allows only processes that have group utempter to modify the file. It used to work without setgid, but since FC6 the utempter binary used by the library is hidden in a directory with permissions "drwx--x--- root utempter".

The problem is that setgid binaries have some environment variables like LD_LIBRARY_PATH and TMPDIR removed. I got bugs #229360 and #243069 reported for xterm. Unfortunately I can't fix it unless utempter is accessible without setgid. Do we really need to protect the file from bad applications?

Gnome-terminal, on the other hand, uses the gnome-pty-helper binary, which is setgid utmp. The binary is not hidden and every application can make entries in the utmp file.

To have some consistency, either gnome-pty-helper also needs to be made accessible only to the utempter group and gnome-terminal made setgid, or utempter is made accessible to everyone and xterm drops setgid.

Which path are we going to follow? Comments?

--
Miroslav Lichvar
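The two helper layouts compared in the message above, as an added example that is not part of the original post: a small permission audit that reports whether a utmp helper is setgid and whether an ordinary caller can reach it. The function names, the helper file modes and the sample directory chains are assumptions; only the directory mode "drwx--x---" and gnome-pty-helper being setgid utmp come from the message.

```python
import grp
import stat
import sys
from pathlib import Path


def classify_helper(helper_mode, helper_group, dir_modes):
    """Classify a utmp helper from its st_mode, group name and parent dir modes."""
    setgid = bool(helper_mode & stat.S_ISGID)
    # An ordinary caller must be able to search every parent directory
    # and execute the file through the "other" permission bits.
    open_to_all = all(m & stat.S_IXOTH for m in dir_modes) and bool(
        helper_mode & stat.S_IXOTH)
    return {
        "setgid_group": helper_group if setgid else None,
        "any_user_can_run": open_to_all,
        # When the helper is not open to everyone, the caller needs the
        # directory's group, e.g. by being installed setgid itself.
        "restricted_to_group": not open_to_all,
    }


def audit(path):
    """Stat a real helper binary and its parent directories."""
    p = Path(path).resolve()
    st = p.stat()
    try:
        group = grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        group = str(st.st_gid)  # gid without a name in the group database
    return classify_helper(st.st_mode, group, [d.stat().st_mode for d in p.parents])


# Constructed sample modes (assumptions, not read from a real system).
# libutempter layout: helper inside a directory with mode drwx--x---.
HIDDEN = classify_helper(0o102711, "utmp", [0o40755, 0o40755, 0o40710])
# gnome-pty-helper layout: setgid utmp, not hidden.
OPEN = classify_helper(0o102755, "utmp", [0o40755, 0o40755])

if __name__ == "__main__":
    for arg in sys.argv[1:]:
        print(arg, audit(arg))
```

Run it with one or more helper paths as arguments to audit an installed system; a terminal emulator that must be setgid to reach a restricted helper is the case where the loader drops LD_LIBRARY_PATH and TMPDIR.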