Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Claimed vulnerability in GTK_MODULES
From: Kris Kennaway <kris () FREEBSD ORG>
Date: Wed, 3 Jan 2001 09:32:29 -0800

On Wed, Jan 03, 2001 at 10:40:33AM -0500, Owen Taylor wrote:
What follows is the official GTK+ team position on this matter.  (It
can be found at http://www.gtk.org/setuid.html as well.)  The summary
is that we don't consider it a problem because writing set[ug]id
programs with a GUI toolkit is simply a bad idea and not supported for

Why not force the issue and abort in GTK startup if issetugid() (for
those platforms which have it)?


Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]