Page MenuHomeFreeBSD

x11-wm/hikari: seatd option and option groupings
Needs ReviewPublic

Authored by ports_xanderio.de on Dec 12 2020, 9:13 PM.
Tags
None
Referenced Files
F108296327: D27592.id80646.diff
Thu, Jan 23, 3:35 PM
Unknown Object (File)
Dec 22 2024, 9:13 PM
Unknown Object (File)
Nov 22 2024, 1:24 PM
Unknown Object (File)
Nov 19 2024, 9:00 PM
Unknown Object (File)
Oct 18 2024, 5:09 AM
Unknown Object (File)
Oct 7 2024, 11:43 AM
Unknown Object (File)
Oct 4 2024, 11:09 AM
Unknown Object (File)
Oct 4 2024, 10:03 AM
Subscribers
This revision needs review, but all reviewers have resigned.

Details

Reviewers
jbeich
Summary

This change adds a new option to the hikari port seatd, when this option is selected setuid isn't set on the hikari binary.
The old setuid behavior is still avalible trouw the HIKARI_SUID option.

The old SUID option was there for split into the UNLOCKER_SUID and HIKARI_SUID options.

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

SEATD option is not necessary:

  • seatd support is only available if x11-toolkits/wlroots is built with LIBSEAT option enabled
  • LIBSEAT is enabled by default since rP553548, reducing the need to patch compositors to support setuid

Not sure about SUID -> HIKARI_SUID + UNLOCKER_SUID e.g., x11/swaylock doesn't have an option to disable setuid bit. hikari_unlocker requires setuid for pam_authenticate(3) to read /etc/master.passwd via pam_unix.so. Even if PAM configuration is changed (e.g., pam_google_authenticator, pam_yubico) an unprivileged process may still not be trusted with access to secret (generator). However, I don't maintain x11-wm/hikari, so whatever. ;)