mailing list archives
Re: gtk+ security hole.
From: Bryan Porter <bporter () GTW NET>
Date: Wed, 3 Jan 2001 15:30:10 -0600
I'm sorry, but this seems a bit much for me. My car has tires, and because
the tires are kind of bad and over-engineered, I should'nt drive over 10MPH
because they might explode? What? Fix the tires. Same thing here.
"Don't make GTK+ program suid/setgid because it's based on another project
with multiple potential vulnerabilites." Absolutely ridiculous. "Our tires
suck because we bought cheap rubber." What?
Bottom line, if GTK+ is broken, fix it. And if it can't safely run suid,
then it is horribly broken. It's a graphic library for christs sake. And, if
it so full of spaghetti code that it can't easily be fixed, then trash it.
But the excuses given are ridiculous, period. No professional project would
ever stand for this level of ineptitude. Qt works fine suid. And it's quite
From: Robert van der Meulen [mailto:rvdm () CISTRON NL]
Sent: Wednesday, January 03, 2001 10:46 AM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Re: gtk+ security hole.
Quoting Kain (kain () CHAOSIUM NET):
On Tue, Jan 02, 2001 at 04:13:58PM -0500, Rob Mosher wrote:
A simple fix to this would be to drop priveleges before calling
gtk_init(), another easy fix is to modify gtk itself, to do this you
need to make the following modification of gtkmain.c. In gtk-1.2.8 its
at approximately line 215, you have:
IMO, the best way to fix this would be to have libglib/gtk see if euid==0
and just ignore those variables on init, and quite possibly go so far as
to ignore "engine" lines in .gtkrcs or maybe filter them....
In the official reply of the gtk+ team, several, very valid, reasons are
given to _never_ have a suid/setgid gtk program.
If a gtk program is suid, the suidness is a security hole on itself.
I do not think gtk should be patched to behave differently when it's running
suid/setgid, as this will only encourage people to make suid/setgid gtk
programs, and we don't want that ;)
If there's bugs in the gtk libs they should (ofcourse) be patched, but
specific 'features' for evading problems occurring when running
setuid/setgid should IMHO not be implemented.
Just my $.02,
Life is a sexually transmitted disease with 100% mortality.