From d9d5fc591aa9d49f96805c77444016eae16264c3 Mon Sep 17 00:00:00 2001
From: deraadt
Date: Thu, 25 Oct 2018 21:55:18 +0000
Subject: [PATCH] Disable setuid on the X server. We have always known it is a trash fire and we held out hope too long. This will break some stuff. Let's start with non-setuid as the baseline, and see if it is worth trying to fix the broken parts in some other way.
---
 xserver/Makefile.bsd-wrapper | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/xserver/Makefile.bsd-wrapper b/xserver/Makefile.bsd-wrapper
index 98897ade1..af7e0724a 100644
--- a/xserver/Makefile.bsd-wrapper
+++ b/xserver/Makefile.bsd-wrapper
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.bsd-wrapper,v 1.66 2018/03/15 10:02:36 aoyama Exp $
+# $OpenBSD: Makefile.bsd-wrapper,v 1.67 2018/10/25 21:55:18 deraadt Exp $
 .include
@@ -33,7 +33,7 @@ CONFIGURE_ARGS= --localstatedir=/var --sysconfdir=/etc/X11 \
 --with-xkb-output=/var/db/xkb \
 --with-default-xkb-rules=${XKB_RULES} \
 --with-module-dir=${LIBDIR}/modules ${GLX_OPTION} \
- --enable-install-setuid --enable-privsep \
+ --disable-install-setuid --enable-privsep \
 ${KDRIVE_OPTION} \
 --enable-xcsecurity \
 --without-fop --without-xmlto --without-xsltproc \
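Review bot: The switch to `--disable-install-setuid` in the second hunk keeps `--enable-privsep` on the same line, and nothing in the Makefile records that the server is now meant to be installed without setuid root, so the rationale lives only in the commit message. A comment cannot sit inside the backslash-continued `CONFIGURE_ARGS` list, so I would put one above the assignment, e.g. `# X server is deliberately installed without setuid root; do not restore --enable-install-setuid`. It is also worth confirming that the privsep code behaves sensibly when the server is started by an unprivileged user, and that the install step clears the setuid bit on a binary left over from an earlier build; neither is visible here. The `CONFIGURE_ARGS` assignment begins and ends outside the hunk.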