Re: gtk+ security hole.

[Robert van der Meulen <rvdm () CISTRON NL>]

Hi,

Quoting Kain (kain () CHAOSIUM NET):
> On Tue, Jan 02, 2001 at 04:13:58PM -0500, Rob Mosher wrote:
> > A simple fix to this would be to drop priveleges before calling
> > gtk_init(), another easy fix is to modify gtk itself, to do this you
> > need to make the following modification of gtkmain.c.  In gtk-1.2.8 its
> > at approximately line 215, you have:
> IMO, the best way to fix this would be to have libglib/gtk see if euid==0
> and just ignore those variables on init, and quite possibly go so far as
> to ignore "engine" lines in .gtkrcs or maybe filter them....

In the official reply of the gtk+ team, several, very valid, reasons are
given to _never_ have a suid/setgid gtk program.
If a gtk program is suid, the suidness is a security hole on itself. 
I do not think gtk should be patched to behave differently when it's running
suid/setgid, as this will only encourage people to make suid/setgid gtk
programs, and we don't want that ;)
If there's bugs in the gtk libs they should (ofcourse) be patched, but
specific 'features' for evading problems occurring when running
setuid/setgid should IMHO not be implemented.

Just my $.02, 

        Robert
-- 
                              Linux Generation
        Life is a sexually transmitted disease with 100% mortality.

Attachment: _bin
Description: