Hello, I've rewritten the ebuild for net-www/links to build the new links version supporting graphic mode (using either svgalib, devfs of X) and javascript. This ebuild define a new 'use' variable : javascript - Enable javascript support in web-browser. This ebuild enable graphic mode if either X, svga or devfs is in ${USE}, but I'm not sure if my handling of this detection is the good way (tm). But this is the simpler way without defining another new use variable ... Bye
Created attachment 1135 [details] links-2.0_pre3.ebuild This is the promised ebuild. It is a rewrite from scratch ... -- Keiichi
Oups, I've forgotten to set the severity to enhancement ... Sorry. -- Keiichi
*** Bug 2888 has been marked as a duplicate of this bug. ***
Thanks. I have added this to portage and masked it for now. Here's a question for you. Have you tried running it as a regular user in a console using the svgalib driver? I always get permission i/o errors. I am thinking it is a devfsd thing, but I can't quite figure out what error that is, exactly.
Created attachment 1170 [details] links-2.0_pre3-r1.ebuild Hi ! I've changed the ebuild to install links suid root when it is compiled with svgalib support (since it need root privilege to use this library). It now also print a message when compiled with either svgalib support (cause it is installed suid) or with fbdev (it need privileges to access /dev/fb/0, usually given by putting the user in a group having read/write access to this device) ... I don't know if this is the right way to update this ebuild since the bug report is now closed ... Bye -- Keiichi
Hi (I don't know if you got the previous comment because a made my attachment before reopening the bug). Basically, I've attached an ebuild that solve your problem with svgalib and give additional information when compiling with fbdev support ... To see the attachment : http://bugs.gentoo.org/attachment.cgi?id=1170&action=view Bye -- Keiichi
how safe is it to make this binary suid?
Hi, From SVGALib authors : > However, it is a myth that SVGAlib is a security risk. While SVGAlib apps > must be setuid root, that privilege is given up immediately after execution. > There is no need to be concerned. But there is still the risk of bug in SVGALib and / or links initializtion routines. I think it should be reasonably safe to set the SUID bit on links, but there is still the possibilities of bug. I've choosen to install it because if the user request the svgalib driver he really is aware of this security implication (because all application using svgalib needs root privilege). If he doesn't want to take the risk, he should not have 'svga' in his USE list ... But maybe the ebuild should only indicate that the svgalib driver will only work is the user has root privileges (SUID binary / sudo / ...) and let the user choose wheter or not he wants to set the SUID bit ... Let me know, and I'll change the ebuild in consequences ... -- Keiichi
Defresne, links-2.0 final is out. I like the idea of informing the user to setuid if s/he chooses to do so for svgalib...
Defrense?
set suid if svga in use