Miroslav Lichvar (mlichvar@xxxxxxxxxx) said: > The problem is that setgid binaries have some environment variables > like LD_LIBRARY_PATH and TMPDIR removed. I got bugs #229360 #243069 > reported for xterm. Unfortunately I can't fix it unless utempter is > accessible without setgid. Do we really need to protect the file from > bad applications? > > Gnome-terminal, on the other hand, uses gnome-pty-helper binary that > has utmp setgid. The binary is not hidden and every application can > make entries in the utmp file. > > To have some consistency, either gnome-pty-helper needs to be also > made accessible only to the utempter group and gnome-terminal is made > setgid or utemper is made accessible to everyone and xterm drops setgid. The entire idea of utempter is so that the terminal *doesn't* need to be setgid - if it's setgid, what's the point of a helper? Bill -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
