Re: Claimed vulnerability in GTK_MODULES

[Kris Kennaway <kris () FREEBSD ORG>]

On Wed, Jan 03, 2001 at 10:40:33AM -0500, Owen Taylor wrote:
> What follows is the official GTK+ team position on this matter.  (It
> can be found at http://www.gtk.org/setuid.html as well.)  The summary
> is that we don't consider it a problem because writing set[ug]id
> programs with a GUI toolkit is simply a bad idea and not supported for
> GTK+.

Why not force the issue and abort in GTK startup if issetugid() (for
those platforms which have it)?

Kris

Attachment: _bin
Description: