in the ebuilds, it says 'in order to utilize svga, links must be setuid' ... well setting it uid of 0 allows for a local root exploit i would rather people bend over backwards to get svga support in their links program than get bent over just for svga support SOLUTION: (1) remove the lines in both links-2.1 ebuilds: # links needs to be setuid for it to work with svga use svga && ( \ fperms 4755 /usr/bin/links2 ) (2) send out a security advisory telling people to run: emerge rsync emerge links
ok, now the user will be spammed a message in postinst, explaining that suid bit must be set on /usr/bin/links2 to enable SVGA support. this message is only spammed if "svga" is in USE in the first place.