x11-wm/hikari: seatd option and option groupings
Needs ReviewPublic
Actions

Authored by ports_xanderio.de on Dec 12 2020, 9:13 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Fri, Apr 12, 10:35 AM

	Unknown Object (File)
	Wed, Apr 10, 4:17 PM

	Unknown Object (File)
	Dec 22 2023, 10:28 PM

	Unknown Object (File)
	Dec 13 2023, 4:57 AM

	Unknown Object (File)
	Jun 30 2023, 5:25 AM

	Unknown Object (File)
	Jun 29 2023, 3:57 AM

	Unknown Object (File)
	Jun 9 2023, 9:54 PM

	Unknown Object (File)
	Jun 3 2023, 12:14 AM

View All 14 Files

Subscribers

mat

This revision needs review, but all reviewers have resigned.

Details

Reviewers

jbeich

Summary

This change adds a new option to the hikari port seatd, when this option is selected setuid isn't set on the hikari binary.
The old setuid behavior is still avalible trouw the HIKARI_SUID option.

The old SUID option was there for split into the UNLOCKER_SUID and HIKARI_SUID options.

Diff Detail

Repository

rP FreeBSD ports repository

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

ports_xanderio.de created this revision.Dec 12 2020, 9:13 PM

Herald added a subscriber: mat. · View Herald TranscriptDec 12 2020, 9:13 PM

ports_xanderio.de requested review of this revision.Dec 12 2020, 9:13 PM

Bug tracker: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251794

SEATD option is not necessary:

seatd support is only available if x11-toolkits/wlroots is built with LIBSEAT option enabled
LIBSEAT is enabled by default since rP553548, reducing the need to patch compositors to support setuid

Not sure about SUID -> HIKARI_SUID + UNLOCKER_SUID e.g., x11/swaylock doesn't have an option to disable setuid bit. hikari_unlocker requires setuid for pam_authenticate(3) to read /etc/master.passwd via pam_unix.so. Even if PAM configuration is changed (e.g., pam_google_authenticator, pam_yubico) an unprivileged process may still not be trusted with access to secret (generator). However, I don't maintain x11-wm/hikari, so whatever. ;)