Bugtraq mailing list archives
Re: gtk+ security hole.
From: Rob Mosher <rmosher () LIGHTNING NET>
Date: Wed, 3 Jan 2001 16:15:25 -0500
As pointed out by chris, GTK also accepts --gtk-module from the command line, at around line 238 in gtk-1.2.8, you can make sure euid == uid to prevent this from happenning. IE: if ((strcmp ("--gtk-module", (*argv)[i]) == 0 || strncmp("--gtk-module=", (*argv)[i], 13) == 0) && geteuid() == getuid()) -- Rob Mosher Lead Programmer / Systems Engineer Lightning Internet Services, LLC
Current thread:
- gtk+ security hole. Chris Sharp (Jan 02)
- Re: gtk+ security hole. Rob Mosher (Jan 02)
- Re: gtk+ security hole. Rob Mosher (Jan 03)
- Re: gtk+ security hole. Rob Mosher (Jan 03)
- Re: gtk+ security hole. Kain (Jan 03)
- Re: gtk+ security hole. Robert van der Meulen (Jan 03)
- Re: gtk+ security hole. Wichert Akkerman (Jan 04)
- Re: gtk+ security hole. Rob Mosher (Jan 03)
- Re: gtk+ security hole. Rob Mosher (Jan 02)
- <Possible follow-ups>
- Re: gtk+ security hole. Bryan Porter (Jan 04)
- Re: gtk+ security hole. Crist Clark (Jan 05)
- Re: gtk+ security hole. Joe (Jan 05)
- Re: gtk+ security hole. Crispin Cowan (Jan 05)
- Re: gtk+ security hole. Bryan Porter (Jan 05)