Home page logo

bugtraq logo Bugtraq mailing list archives

Re: gtk+ security hole.
From: Rob Mosher <rmosher () LIGHTNING NET>
Date: Tue, 2 Jan 2001 16:13:58 -0500

A simple fix to this would be to drop priveleges before calling
gtk_init(), another easy fix is to modify gtk itself, to do this you
need to make the following modification of gtkmain.c.  In gtk-1.2.8 its
at approximately line 215, you have:

  env_string = getenv ("GTK_MODULES");

add the following line above it:
  if(geteuid() != getuid())

This will prevent gtk from loading modules if the program calling
gtk_init has a different euid than the uid.

Chris Sharp wrote:

while going through a quick audit of gtk i found:

gtk+ can be tricked into running arbitrary code
via a bogus module.  this means any program using
gtk that is set*id can be exploited via this
method.  here is an exploit i wrote for this
security hole:

original xgtk.c(working/un-wrapped):

Rob Mosher
Lead Programmer / Systems Engineer
Lightning Internet Services, LLC

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]