Disable setuid on the X server. We have always known it is a trash fire

and we held out hope too long.  This will break some stuff.  Let's start
with non-setuid as the baseline, and see if it is worth trying to fix
the broken parts in some other way.
This commit is contained in:
deraadt 2018-10-25 21:55:18 +00:00
parent 2d6e93a5b7
commit d9d5fc591a

View File

@ -1,4 +1,4 @@
# $OpenBSD: Makefile.bsd-wrapper,v 1.66 2018/03/15 10:02:36 aoyama Exp $ # $OpenBSD: Makefile.bsd-wrapper,v 1.67 2018/10/25 21:55:18 deraadt Exp $
.include <bsd.xconf.mk> .include <bsd.xconf.mk>
@ -33,7 +33,7 @@ CONFIGURE_ARGS= --localstatedir=/var --sysconfdir=/etc/X11 \
--with-xkb-output=/var/db/xkb \ --with-xkb-output=/var/db/xkb \
--with-default-xkb-rules=${XKB_RULES} \ --with-default-xkb-rules=${XKB_RULES} \
--with-module-dir=${LIBDIR}/modules ${GLX_OPTION} \ --with-module-dir=${LIBDIR}/modules ${GLX_OPTION} \
--enable-install-setuid --enable-privsep \ --disable-install-setuid --enable-privsep \
${KDRIVE_OPTION} \ ${KDRIVE_OPTION} \
--enable-xcsecurity \ --enable-xcsecurity \
--without-fop --without-xmlto --without-xsltproc \ --without-fop --without-xmlto --without-xsltproc \