Bugtraq mailing list archives
Re: Claimed vulnerability in GTK_MODULES
From: Kris Kennaway <kris () FREEBSD ORG>
Date: Wed, 3 Jan 2001 09:32:29 -0800
On Wed, Jan 03, 2001 at 10:40:33AM -0500, Owen Taylor wrote:
What follows is the official GTK+ team position on this matter. (It can be found at http://www.gtk.org/setuid.html as well.) The summary is that we don't consider it a problem because writing set[ug]id programs with a GUI toolkit is simply a bad idea and not supported for GTK+.
Why not force the issue and abort in GTK startup if issetugid() (for those platforms which have it)? Kris
Attachment:
_bin
Description:
Current thread:
- Claimed vulnerability in GTK_MODULES Owen Taylor (Jan 03)
- Re: Claimed vulnerability in GTK_MODULES Kris Kennaway (Jan 03)
- Re: Claimed vulnerability in GTK_MODULES Kris Kennaway (Jan 04)
- Re: Claimed vulnerability in GTK_MODULES Owen Taylor (Jan 04)
- Re: Claimed vulnerability in GTK_MODULES Kris Kennaway (Jan 03)