Bugtraq mailing list archives
Re: gtk+ security hole.
From: Kain <kain () CHAOSIUM NET>
Date: Wed, 3 Jan 2001 02:08:08 -0600
On Tue, Jan 02, 2001 at 04:13:58PM -0500, Rob Mosher wrote:
> A simple fix to this would be to drop privileges before calling gtk_init(), another easy fix is to modify gtk itself, to do this you need to make the following modification of gtkmain.c. In gtk-1.2.8 it's at approximately line 215, you have:

Is this bug also in the glib/gtk 2 code? Bad things could also be done with this by writing your own gtk-engine and putting your evil code to load in .gtkrc... I'm no toolkit expert, but with the theming support in Qt2, does it have similar rendering-module support?

IMO, the best way to fix this would be to have libglib/gtk see if euid==0 and just ignore those variables on init, and quite possibly go so far as to ignore "engine" lines in .gtkrcs or maybe filter them....

--
Art is a lie which makes us realize the truth. -- Picasso
** Evil Genius Bryon Roche, Kain <kain () chaosium net>
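
The check proposed in the message above, sketched as an added example (not code from the post, from Rob Mosher's patch, or from GTK itself): a toolkit-side guard that ignores module-loading environment variables and "engine" rc lines when the process is privileged. It goes slightly beyond the euid==0 test by also treating any setuid/setgid mismatch as privileged; the function names, the variable name EXAMPLE_TOOLKIT_MODULES and the sample rc lines are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Privileged = effective root, or effective ids differ from real ids
 * (setuid/setgid binary). Ids are parameters so the rule is testable. */
static int ids_privileged(uid_t uid, uid_t euid, gid_t gid, gid_t egid)
{
    return euid == 0 || uid != euid || gid != egid;
}

static int process_privileged(void)
{
    return ids_privileged(getuid(), geteuid(), getgid(), getegid());
}

/* getenv() wrapper: a privileged caller sees the variable as unset. */
static const char *env_unless_privileged(const char *name, int privileged)
{
    return privileged ? NULL : getenv(name);
}

/* Returns 1 if an rc line may be honoured. Lines whose first keyword is
 * exactly "engine" are rejected when privileged; all others pass. */
static int rc_line_allowed(const char *line, int privileged)
{
    unsigned char next;
    while (isspace((unsigned char)*line))
        line++;
    if (strncmp(line, "engine", 6) != 0)
        return 1;
    next = (unsigned char)line[6];
    if (next != '\0' && !isspace(next) && next != '"')
        return 1;               /* longer keyword, e.g. "engines_dir" */
    return !privileged;
}

int main(void)
{
    /* Constructed sample lines, not taken from a real .gtkrc. */
    const char *rc[] = { "style \"default\" {", "  engine \"sample\" {", "}" };
    int priv = process_privileged();
    const char *mods = env_unless_privileged("EXAMPLE_TOOLKIT_MODULES", priv);
    printf("privileged=%d modules=%s\n", priv, mods ? mods : "(ignored/unset)");
    for (size_t i = 0; i < sizeof rc / sizeof rc[0]; i++)
        printf("%-6s %s\n", rc_line_allowed(rc[i], priv) ? "keep" : "drop", rc[i]);
    return 0;
}
```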