x11-wm/hikari: seatd option and option groupings
Needs ReviewPublic
Actions

Authored by ports_xanderio.de on Dec 12 2020, 9:13 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Sun, Dec 22, 9:13 PM

	Unknown Object (File)
	Nov 22 2024, 1:24 PM

	Unknown Object (File)
	Nov 19 2024, 9:00 PM

	Unknown Object (File)
	Oct 18 2024, 5:09 AM

	Unknown Object (File)
	Oct 7 2024, 11:43 AM

	Unknown Object (File)
	Oct 4 2024, 11:09 AM

	Unknown Object (File)
	Oct 4 2024, 10:03 AM

	Unknown Object (File)
	Oct 1 2024, 11:08 PM

View All 40 Files

Subscribers

mat

This revision needs review, but all reviewers have resigned.

Details

Reviewers

jbeich

Summary

This change adds a new option to the hikari port seatd, when this option is selected setuid isn't set on the hikari binary.
The old setuid behavior is still avalible trouw the HIKARI_SUID option.

The old SUID option was there for split into the UNLOCKER_SUID and HIKARI_SUID options.

Diff Detail

Repository

rP FreeBSD ports repository

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

ports_xanderio.de created this revision.Dec 12 2020, 9:13 PM

Herald added a subscriber: mat. · View Herald TranscriptDec 12 2020, 9:13 PM

ports_xanderio.de requested review of this revision.Dec 12 2020, 9:13 PM

Bug tracker: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251794

SEATD option is not necessary:

seatd support is only available if x11-toolkits/wlroots is built with LIBSEAT option enabled
LIBSEAT is enabled by default since rP553548, reducing the need to patch compositors to support setuid

Not sure about SUID -> HIKARI_SUID + UNLOCKER_SUID e.g., x11/swaylock doesn't have an option to disable setuid bit. hikari_unlocker requires setuid for pam_authenticate(3) to read /etc/master.passwd via pam_unix.so. Even if PAM configuration is changed (e.g., pam_google_authenticator, pam_yubico) an unprivileged process may still not be trusted with access to secret (generator). However, I don't maintain x11-wm/hikari, so whatever. ;)