Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: gtk+ security hole.
From: Wichert Akkerman <wichert () CISTRON NL>
Date: Thu, 4 Jan 2001 00:46:58 +0100

Previously Robert van der Meulen wrote:
In the official reply of the gtk+ team, several, very valid, reasons are
given to _never_ have a suid/setgid gtk program.

I would generalize that a bit more: never use a suid X program. X is
really large, has never been properly audited, and in the last year
we've seen a number of security problems found in it.

If you need suid use a seperate minimal suid helper (or use userv)
instead.

Wichert.

--
   ________________________________________________________________
 / Generally uninteresting signature - ignore at your convenience  \
| wichert () cistron nl                  http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault