aboutsummaryrefslogtreecommitdiff
path: root/desktop/i3lock/i3lock.SlackBuild
diff options
context:
space:
mode:
Diffstat (limited to 'desktop/i3lock/i3lock.SlackBuild')
-rw-r--r--desktop/i3lock/i3lock.SlackBuild14
1 files changed, 9 insertions, 5 deletions
diff --git a/desktop/i3lock/i3lock.SlackBuild b/desktop/i3lock/i3lock.SlackBuild
index 5fa35477e646d..9993dee116103 100644
--- a/desktop/i3lock/i3lock.SlackBuild
+++ b/desktop/i3lock/i3lock.SlackBuild
@@ -23,7 +23,7 @@
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
PRGNAM=i3lock
-VERSION=${VERSION:-2.9.1}
+VERSION=${VERSION:-2.10}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
@@ -71,15 +71,19 @@ find -L . \
# This patch removes all the PAM-related code,
# and checks the password against shadow instead.
-patch -p0 -i $CWD/i3lock-2.9.1-no-pam.patch
+patch -p0 -i $CWD/i3lock-2.10-no-pam.patch
make install DESTDIR=$PKG
# i3lock needs setuid to make sure it isn't killed by the kernel and to read shadow.
# Don't worry, the privileges are dropped really soon after starting
-# and everything else runs as your user.
-chown root:shadow $PKG/usr/bin/i3lock
-chmod 4755 $PKG/usr/bin/i3lock
+# and everything else runs without privileges.
+chown 0.0 $PKG/usr/bin/i3lock
+chmod 4751 $PKG/usr/bin/i3lock
+# We need setuid to set the out of memory score, and drop permissions once done.
+# This makes the program's init slightly more insecure, since we'd only need
+# setgid to change the group to shadow to read the password, otherwise.
+# In fact, both Slackware's xlock and xscreensaver use (root.shadow 2751) as permissions.
find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
| cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true