Bugtraq mailing list archives
Re: gtk+ security hole.
From: Wichert Akkerman <wichert () CISTRON NL>
Date: Thu, 4 Jan 2001 00:46:58 +0100
Previously Robert van der Meulen wrote:
In the official reply of the gtk+ team, several, very valid, reasons are given to _never_ have a suid/setgid gtk program.
I would generalize that a bit more: never use a suid X program. X is really large, has never been properly audited, and in the last year we've seen a number of security problems found in it. If you need suid use a seperate minimal suid helper (or use userv) instead. Wichert. -- ________________________________________________________________ / Generally uninteresting signature - ignore at your convenience \ | wichert () cistron nl http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
Current thread:
- gtk+ security hole. Chris Sharp (Jan 02)
- Re: gtk+ security hole. Rob Mosher (Jan 02)
- Re: gtk+ security hole. Rob Mosher (Jan 03)
- Re: gtk+ security hole. Rob Mosher (Jan 03)
- Re: gtk+ security hole. Kain (Jan 03)
- Re: gtk+ security hole. Robert van der Meulen (Jan 03)
- Re: gtk+ security hole. Wichert Akkerman (Jan 04)
- Re: gtk+ security hole. Rob Mosher (Jan 03)
- Re: gtk+ security hole. Rob Mosher (Jan 02)
- <Possible follow-ups>
- Re: gtk+ security hole. Bryan Porter (Jan 04)
- Re: gtk+ security hole. Crist Clark (Jan 05)
- Re: gtk+ security hole. Joe (Jan 05)
- Re: gtk+ security hole. Crispin Cowan (Jan 05)
- Re: gtk+ security hole. Bryan Porter (Jan 05)