Home page logo

bugtraq logo Bugtraq mailing list archives

Re: gtk+ security hole.
From: Rob Mosher <rmosher () LIGHTNING NET>
Date: Wed, 3 Jan 2001 10:08:33 -0500

my mistake on this one, should be:
if(geteuid() == getuid())

Rob Mosher wrote:

A simple fix to this would be to drop priveleges before calling
gtk_init(), another easy fix is to modify gtk itself, to do this you
need to make the following modification of gtkmain.c.  In gtk-1.2.8 its
at approximately line 215, you have:

  env_string = getenv ("GTK_MODULES");

add the following line above it:
  if(geteuid() != getuid())

Rob Mosher
Lead Programmer / Systems Engineer
Lightning Internet Services, LLC

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]