mailing list archives
Re: gtk+ security hole.
From: Robert van der Meulen <rvdm () CISTRON NL>
Date: Wed, 3 Jan 2001 17:46:23 +0100
Quoting Kain (kain () CHAOSIUM NET):
On Tue, Jan 02, 2001 at 04:13:58PM -0500, Rob Mosher wrote:
A simple fix to this would be to drop priveleges before calling
gtk_init(), another easy fix is to modify gtk itself, to do this you
need to make the following modification of gtkmain.c. In gtk-1.2.8 its
at approximately line 215, you have:
IMO, the best way to fix this would be to have libglib/gtk see if euid==0
and just ignore those variables on init, and quite possibly go so far as
to ignore "engine" lines in .gtkrcs or maybe filter them....
In the official reply of the gtk+ team, several, very valid, reasons are
given to _never_ have a suid/setgid gtk program.
If a gtk program is suid, the suidness is a security hole on itself.
I do not think gtk should be patched to behave differently when it's running
suid/setgid, as this will only encourage people to make suid/setgid gtk
programs, and we don't want that ;)
If there's bugs in the gtk libs they should (ofcourse) be patched, but
specific 'features' for evading problems occurring when running
setuid/setgid should IMHO not be implemented.
Just my $.02,
Life is a sexually transmitted disease with 100% mortality.