mailing list archives
Re: gtk+ security hole.
From: Crist Clark <crist.clark () GLOBALSTAR COM>
Date: Thu, 4 Jan 2001 11:36:38 -0800
Bryan Porter wrote:
I'm sorry, but this seems a bit much for me. My car has tires, and because
the tires are kind of bad and over-engineered, I should'nt drive over 10MPH
because they might explode? What? Fix the tires. Same thing here.
"Don't make GTK+ program suid/setgid because it's based on another project
with multiple potential vulnerabilites." Absolutely ridiculous. "Our tires
suck because we bought cheap rubber." What?
That is a really silly analogy, but I'll play along. The GTK+ guys
are saying something more like, "Our tires were designed to be used on
roads. If you drive them off-road over a field of sharp jagged rocks,
they might and probably will fail. Don't use our tires off-road. We do
not plan on producing off-road tires, nor is it practical to modify
existing tires for off-road use."
Bottom line, if GTK+ is broken, fix it. And if it can't safely run suid,
then it is horribly broken.
This is not true. GTK+ is not designed to be run setuid. It cannot be
safely run setuid. This does not mean it is broken, it means that it can't
do something it was not meant to. Along the same lines, it is generally
accepted that setuid shell scripts are not safe. Does this mean the shells
The mail from the GTK+ developers was quite frank and refreshing. There
recommendations were simply sound, widely accepted, secure coding practices.
Crist J. Clark Network Security Engineer
crist.clark () globalstar com Globalstar, L.P.
(408) 933-4387 FAX: (408) 933-4926