Re: [dev] Adding utmpx stuff
Hello. On Tue, 09 Oct 2012 19:09:36 +0200 Roberto E. Vargas Caballero k...@shike2.com wrote: Hello, This patch adds utmpx support in st, which means that st sessions will be visible using who or, who is the correct behaviour of a terminal emulator, but this means that the binary needs have setgid, which is something we have to thing carefully. Other important about this patch is the portability of it. I have used the POSIX definitions, but as far as I know, there are some BSD that don't support very well this functions (specially OpenBSD). There are different solutions for this: - A hell of ifdef inside in st.c - A pty.c where all this portability stuff is present. - A compat file (or one for each problematic System), where this interfaces are adapted. This patch is fixing something st shouldn’t do. In my environment all the environment variables you propose to add are set. That’s something the shell should do and not the terminal emulator. A terminal emulator should be neutral to this. Sorry, but I think you are fixing something at the wrong place in your environment. If this metadata for good old style tty’s is needed, well, try to fix this in the existing operating systems. Sincerely, Christoph Lohmann
Re: [dev] Adding utmpx stuff
Roberto E. Vargas Caballero writes: This patch adds utmpx support in st, which means that st sessions will be visible using who or, who is the correct behaviour of a terminal emulator, but this means that the binary needs have setgid, which is something we have to thing carefully. Other important about this patch is the portability of it. I have used the POSIX definitions, but as far as I know, there are some BSD that don't support very well this functions (specially OpenBSD). In case anyone is curious why utmpx is not in OpenBSD, it's in the archives: http://marc.info/?l=openbsd-techm=127910804900619w=2 -- Anthony J. Bentley
Re: [dev] Adding utmpx stuff
This patch is fixing something st shouldn’t do. In my environment all the environment variables you propose to add are set. That’s something the shell should do and not the terminal emulator. A terminal emulator should be neutral to this. Sorry, but I think you are fixing something at the wrong place in your environment. If this metadata for good old style tty’s is needed, well, try to fix this in the existing operating systems. Relay in correct values of LOGNAME and USER is a security risk. If st doesn't check against /etc/passwd you can get who(1) shows other user as connected, for example. Usually these variables are set by login(1), and like a terminal emulator is doing the login job, setting these variables are work of st.
Re: [dev] Adding utmpx stuff
Relay in correct values of LOGNAME and USER is a security risk. If st doesn't check against /etc/passwd you can get who(1) shows other user as connected, for example. Usually these variables are set by login(1), and like a terminal emulator is doing the login job, setting these variables are work of st. And if SHELL is not set, st before this patch segfault.
Re: [dev] Adding utmpx stuff
Greetings. On Tue, 09 Oct 2012 19:20:53 +0200 Anthony J. Bentley anth...@cathet.us wrote: Roberto E. Vargas Caballero writes: This patch adds utmpx support in st, which means that st sessions will be visible using who or, who is the correct behaviour of a terminal emulator, but this means that the binary needs have setgid, which is something we have to thing carefully. Other important about this patch is the portability of it. I have used the POSIX definitions, but as far as I know, there are some BSD that don't support very well this functions (specially OpenBSD). In case anyone is curious why utmpx is not in OpenBSD, it's in the archives: http://marc.info/?l=openbsd-techm=127910804900619w=2 That e‐mail has several reason to not support utmpx. The proposed patch has the same size of an equal dbus interface that would call some kind of logind. That’s the kind of cruft people complain about before they start to reinvent it using Javascript or Go. Sincerely, Christoph Lohmann
Re: [dev] Adding utmpx stuff
Hello. On Tue, 09 Oct 2012 19:25:29 +0200 Roberto E. Vargas Caballero k...@shike2.com wrote: This patch is fixing something st shouldn’t do. In my environment all the environment variables you propose to add are set. That’s something the shell should do and not the terminal emulator. A terminal emulator should be neutral to this. Sorry, but I think you are fixing something at the wrong place in your environment. If this metadata for good old style tty’s is needed, well, try to fix this in the existing operating systems. Relay in correct values of LOGNAME and USER is a security risk. If st doesn't check against /etc/passwd you can get who(1) shows other user as connected, for example. Usually these variables are set by login(1), and like a terminal emulator is doing the login job, setting these variables are work of st. How is this a possible security risk? St shouldn’t be used to control login shells. It’s there to show escape sequences jump around on a screen. Sincerely, Christoph Lohmann
Re: [dev] Adding utmpx stuff
Greetings. On Tue, 09 Oct 2012 19:31:50 +0200 Roberto E. Vargas Caballero k...@shike2.com wrote: Relay in correct values of LOGNAME and USER is a security risk. If st doesn't check against /etc/passwd you can get who(1) shows other user as connected, for example. Usually these variables are set by login(1), and like a terminal emulator is doing the login job, setting these variables are work of st. And if SHELL is not set, st before this patch segfault. Actually, this is a simple check to just use »/bin/sh«. Which environ‐ ment today does not have SHELL set? Sincerely, Christoph Lohmann
Re: [dev] Adding utmpx stuff
That e‐mail has several reason to not support utmpx. The proposed patch has the same size of an equal dbus interface that would call some kind of logind. That’s the kind of cruft people complain about before they start to reinvent it using Javascript or Go. xterm uses libutempter, which is a library which calls to one program called utempter (with setgid) and this program handle all the utmpx stuff. But I think is not a good solution because: 1) libutempter only supports GLIB and FreeBSD 2) Having a program like utempter is a big mistake, because anyone can insert entries in utmpx only running it. utmpx is necessary if you want use a lot of Unix tools (write, talk, biff, and a lot). I agree that put all this stuff in st scary me to.
Re: [dev] Adding utmpx stuff
And if SHELL is not set, st before this patch segfault. Actually, this is a simple check to just use »/bin/sh«. Which environ‐ ment today does not have SHELL set? The code set SHELL only if is not set (3rd parameter of setenv). SHELL can be unset if a ugly user unset it ;).
Re: [dev] Adding utmpx stuff
How is this a possible security risk? St shouldn’t be used to control login shells. It’s there to show escape sequences jump around on a screen. The problem is that the terminal emulation is too much related to the pty stuff. The program who create the master/slave is the responsable of doing all this things. Maybe we could split it, and put all the emulation in only one program free all the pty stuff.
Re: [dev] Adding utmpx stuff
It is also necessary set WINDOWID, because it is the XWindow ID of the terminal. I suppouse w3m needs this variable to print images in the terminal.