utmp and wtmp files at startup. real-uid / effective-uid flipping was
used to cleanup the records in these two files at logout-time. Over
time it was recognized that setuid root is too dangerous, later on
even uid flipping became an unacceptable practice (because an attacker
who finds a bug will simply flip the uid back to root before
continuing exploitation). Some OS's helped xterm (and other similar
login-related tooling) by making utmp writeable by a new utmp group,
but most did not do the same for wtmp. xterm started using this new
utmp gid, and the wtmp code moved to "try, and if it fails, ignore the
failure".
The obvious way to use this uid is for xterm to open the utmp file for
write (early on), discard the egid, and keep the file descriptor
around until utmp cleanup at termination. 10-20 lines of code, maybe.
But no,.... that's not what happened.
The previous setuid root flipping code (which is nearly a hundred
lines of #ifdef-wrapped code for portability reasons) was copied and
repurposed by adding new #ifdef code for setgid utmp flipping, and
thus nearly a hundred lines of #ifdef-wrapped code was added). setgid
flipping has less severe security risks than setuid flipping, but it
is remains an excessively strong and unneccessary power (compared to a
single writeable fd).
When pledge() arrived on the scene, "wpath" was required so that the
utmp file could be opened late, and "id" was required to support egid
flipping. unveil() arrived on the scene, and the utmp path was added
to the list of viable paths, once again not considering that an incorrect
approach was being taken by the code.
I tried rewriting the portable USE_UTMP_SETGID code to follow the
open-drop-reuse-fd approach, to help out upstream xterm, but it is such
a brain-melting shitshow I gave up, we'll have a (small) intrusive patch
which opens utmp early, drops the gid, and reuses the fd later on.
Maybe upstream will take care of this eventually to reduce the risk of
egid other operating systems.
ok matthieu, much feedback from millert
This code is not compiled on OpenBSD so the shipped xterm are not
vulnerable to this (which is CVE-2022-24130)
Committing the fix in case someone uses this for builds with sixel enabled.
Only in (default) case where there are no exec-formatted or
exec-selected resources set. In those case the commands and their
arguments could be anywhere.
CharWidth is a conditional wrapper that assumes that all wide characters
in the range 32-126 and 160-255) are latin-1 characters and are identical
with the unicode (UTF-8) codepoints and result in a width of 1.
This is correct in so far that the names of these code-points are
identical, but for SHY (soft-hyphen) the explanation of how it should be
used differs between unicode and latin-1. Latin-1 assumes that it's always
displayed, for unicode it should only be displayed after local grammar
rules apply.
This wrapper got introduced in xterm #334 and is on the short-list of Thomas
Dickey to fix. Since we don't know when the next release is going to be,
commit this one now, so we have it fixed before 7.0.
Originally discrepency between xterm and wcwidth(3) pointed out by Lauri
Tirkkonen (lauri <at> hacktheplanet <dot> fi).
OK matthieu@
that comes bundled with xterm(1).
Issue found and based on a diff from Lauri Tirkkonen <lotheac at iki dot fi>.
The final form of the diff follows a suggestion from tedu@.
OK matthieu@
* Add the missing locale, modifyFunctionKeys, precompose, and scrollBar.
* Move backarrowKeyIsErase to conform to alphabetical sorting.
* Add a missing full stop.
Diff found in my tree; i obviously forgot to commit it earlier.
This is more coherent with how the menu item interacts with changes
caused by sending escape sequences. Remove the check mark from the
item which was getting out of sync.
less surprising and makes copy and paste work better, even though
some none-default fonts currently do not display combining accents.
Problem reported by Philippe Meunier <meunier at ccs dot neu dot edu>.
Root cause found by bentley@.
OK bentley@, and the general direction was also supported by stsp@.
- use BUILDFIRST
- have fontconfig use normal 'all' targets to make sure its files are built
- explicitly document the fontconfig lib order
okay matthieu@
