Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: gtk+ security hole.
From: Rob Mosher <rmosher () LIGHTNING NET>
Date: Wed, 3 Jan 2001 16:15:25 -0500

As pointed out by chris, GTK also accepts --gtk-module from the command
line, at around line 238 in gtk-1.2.8, you can make sure euid == uid to
prevent this from happenning.  IE:

if ((strcmp ("--gtk-module", (*argv)[i]) == 0 ||
strncmp("--gtk-module=", (*argv)[i], 13) == 0) && geteuid() == getuid())


--
Rob Mosher
Lead Programmer / Systems Engineer
Lightning Internet Services, LLC


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]