Disable setuid on the X server. We have always known it is a trash fire
and we held out hope too long. This will break some stuff. Let's start with non-setuid as the baseline, and see if it is worth trying to fix the broken parts in some other way.
This commit is contained in:
parent
2d6e93a5b7
commit
d9d5fc591a
@ -1,4 +1,4 @@
|
|||||||
# $OpenBSD: Makefile.bsd-wrapper,v 1.66 2018/03/15 10:02:36 aoyama Exp $
|
# $OpenBSD: Makefile.bsd-wrapper,v 1.67 2018/10/25 21:55:18 deraadt Exp $
|
||||||
|
|
||||||
.include <bsd.xconf.mk>
|
.include <bsd.xconf.mk>
|
||||||
|
|
||||||
@ -33,7 +33,7 @@ CONFIGURE_ARGS= --localstatedir=/var --sysconfdir=/etc/X11 \
|
|||||||
--with-xkb-output=/var/db/xkb \
|
--with-xkb-output=/var/db/xkb \
|
||||||
--with-default-xkb-rules=${XKB_RULES} \
|
--with-default-xkb-rules=${XKB_RULES} \
|
||||||
--with-module-dir=${LIBDIR}/modules ${GLX_OPTION} \
|
--with-module-dir=${LIBDIR}/modules ${GLX_OPTION} \
|
||||||
--enable-install-setuid --enable-privsep \
|
--disable-install-setuid --enable-privsep \
|
||||||
${KDRIVE_OPTION} \
|
${KDRIVE_OPTION} \
|
||||||
--enable-xcsecurity \
|
--enable-xcsecurity \
|
||||||
--without-fop --without-xmlto --without-xsltproc \
|
--without-fop --without-xmlto --without-xsltproc \
|
||||||
|
Loading…
Reference in New Issue
Block a user