mailing list archives
Re: gtk+ security hole.
From: Wichert Akkerman <wichert () CISTRON NL>
Date: Thu, 4 Jan 2001 00:46:58 +0100
Previously Robert van der Meulen wrote:
In the official reply of the gtk+ team, several, very valid, reasons are
given to _never_ have a suid/setgid gtk program.
I would generalize that a bit more: never use a suid X program. X is
really large, has never been properly audited, and in the last year
we've seen a number of security problems found in it.
If you need suid use a seperate minimal suid helper (or use userv)
/ Generally uninteresting signature - ignore at your convenience \
| wichert () cistron nl http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |