Bugtraq mailing list archives
Re: Claimed vulnerability in GTK_MODULES
From: Kris Kennaway <kris () FREEBSD ORG>
Date: Thu, 4 Jan 2001 04:03:55 -0800
On Wed, Jan 03, 2001 at 09:32:29AM -0800, Kris Kennaway wrote:
> On Wed, Jan 03, 2001 at 10:40:33AM -0500, Owen Taylor wrote:
> > What follows is the official GTK+ team position on this matter. (It can be found at http://www.gtk.org/setuid.html as well.) The summary is that we don't consider it a problem because writing set[ug]id programs with a GUI toolkit is simply a bad idea and not supported for GTK+.
>
> Why not force the issue and abort in GTK startup if issetugid() (for those platforms which have it)?
Actually, aborting on issetugid() ("Are you now, or have you ever been, a privileged executable?") probably won't work acceptably for programs which revoke all privileged resources before calling GTK. Of course, if GTK does not abort, and a program drops only some privileges (e.g. only setuid()'ing from root) this still allows hijacking of any privileged resources the application still retains, such as network sockets and open file descriptors.

Perhaps the best thing would be to force a global variable to be set in privileged GTK apps to allow them to run (bypassing the issetugid() abort), so that developers have fair warning of insecurity, but the ability to override it if they truly believe themselves to be safe (e.g. the GNOME games case or programs which revoke privilege and all privileged resources).

Kris
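The startup gate proposed in the message above, sketched in C as an added example (not code from GTK+ or from the post). The names `toolkit_init`, `toolkit_allow_privileged`, `toolkit_policy` and `count_inherited_fds` are hypothetical; on Linux `getauxval(AT_SECURE)` stands in for `issetugid()`, and the function returns -1 where the proposal would abort.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#if defined(__linux__)
#include <sys/auxv.h>
#endif

/* Hypothetical opt-in: the application sets this before toolkit_init() to
 * assert it has dropped privilege and every privileged resource. */
int toolkit_allow_privileged = 0;

/* "Are you now, or have you ever been, privileged?" Stays true after setuid(). */
int process_was_privileged(void) {
#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__APPLE__)
    return issetugid();
#elif defined(__linux__)
    return getauxval(AT_SECURE) != 0;   /* nearest Linux equivalent */
#else
    /* Weaker fallback: sees only the current ids, not past privilege. */
    return getuid() != geteuid() || getgid() != getegid();
#endif
}

/* Count descriptors above stderr that are still open. Sockets and files
 * opened while privileged survive setuid() and remain usable. */
int count_inherited_fds(int max_fd) {
    int n = 0;
    for (int fd = 3; fd < max_fd; fd++)
        if (fcntl(fd, F_GETFD) != -1) n++;
    return n;
}

/* Pure policy: 0 = proceed, -1 = refuse to start. */
int toolkit_policy(int was_privileged, int allow_privileged) {
    return (was_privileged && !allow_privileged) ? -1 : 0;
}

/* Hypothetical toolkit entry point applying the gate. */
int toolkit_init(void) {
    int priv = process_was_privileged();
    if (toolkit_policy(priv, toolkit_allow_privileged) != 0) {
        fprintf(stderr, "toolkit: refusing to start in a set[ug]id process\n");
        return -1;
    }
    if (priv)   /* override in effect: report what the process still holds */
        fprintf(stderr, "toolkit: override set, %d descriptors above stderr still open\n", count_inherited_fds(256));
    return 0;
}
int main(void) { return toolkit_init() == 0 ? 0 : 1; }
```

The descriptor count is only a prompt for review: it cannot tell which of the open descriptors were obtained with privilege.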