Bugtraq mailing list archives
Re: gtk+ security hole.
From: Bryan Porter <bporter () GTW NET>
Date: Wed, 3 Jan 2001 15:30:10 -0600
I'm sorry, but this seems a bit much for me. My car has tires, and because the tires are kind of bad and over-engineered, I shouldn't drive over 10MPH because they might explode? What? Fix the tires.

Same thing here. "Don't make GTK+ program suid/setgid because it's based on another project with multiple potential vulnerabilities." Absolutely ridiculous. "Our tires suck because we bought cheap rubber." What?

Bottom line, if GTK+ is broken, fix it. And if it can't safely run suid, then it is horribly broken. It's a graphic library for Christ's sake. And, if it is so full of spaghetti code that it can't easily be fixed, then trash it. But the excuses given are ridiculous, period. No professional project would ever stand for this level of ineptitude.

Qt works fine suid. And it's quite cross-platform.

-----Original Message-----
From: Robert van der Meulen [mailto:rvdm () CISTRON NL]
Sent: Wednesday, January 03, 2001 10:46 AM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Re: gtk+ security hole.

Hi,

Quoting Kain (kain () CHAOSIUM NET):
> On Tue, Jan 02, 2001 at 04:13:58PM -0500, Rob Mosher wrote:
> > A simple fix to this would be to drop privileges before calling gtk_init(), another easy fix is to modify gtk itself, to do this you need to make the following modification of gtkmain.c. In gtk-1.2.8 it's at approximately line 215, you have:
>
> IMO, the best way to fix this would be to have libglib/gtk see if euid==0 and just ignore those variables on init, and quite possibly go so far as to ignore "engine" lines in .gtkrcs or maybe filter them....

In the official reply of the gtk+ team, several, very valid, reasons are given to _never_ have a suid/setgid gtk program. If a gtk program is suid, the suidness is a security hole on itself.

I do not think gtk should be patched to behave differently when it's running suid/setgid, as this will only encourage people to make suid/setgid gtk programs, and we don't want that ;)

If there's bugs in the gtk libs they should (of course) be patched, but specific 'features' for evading problems occurring when running setuid/setgid should IMHO not be implemented.

Just my $.02,
Robert

--
Linux Generation
Life is a sexually transmitted disease with 100% mortality.
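The first fix quoted in the thread, dropping privileges before gtk_init() is reached, shown here as an added example that is not part of the original messages or of GTK+. The helper names running_setid and drop_privileges are hypothetical, Linux semantics for setreuid()/setregid() are assumed, and the gtk_init() call appears only as a comment so the file builds without GTK+.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* prototypes for setreuid/setregid/seteuid */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: nonzero if the process was started setuid/setgid,
 * i.e. its effective ids differ from the real ids of the invoking user. */
int running_setid(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Hypothetical helper: permanently give up any setuid/setgid ids.
 * Returns 0 on success, -1 if the drop failed or could be undone. */
int drop_privileges(void)
{
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid(), egid = getegid();

    /* Group first: once the uid is dropped we may lack permission to
     * change the gid. On Linux, setting the real id through these calls
     * also overwrites the saved id, which makes the drop permanent. */
    if (setregid(rgid, rgid) != 0) return -1;
    if (setreuid(ruid, ruid) != 0) return -1;

    /* Verify the old ids cannot be regained. A caller whose real uid is
     * root can always switch ids, so the check only applies to non-root. */
    if (ruid != 0 && euid != ruid && seteuid(euid) == 0) return -1;
    if (ruid != 0 && egid != rgid && setegid(egid) == 0) return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

int main(void)
{
    int was_setid = running_setid();
    /* Any work that really needs the elevated ids goes here, before
     * toolkit code reads user-controlled environment or rc files. */
    if (drop_privileges() != 0) {
        fputs("could not drop privileges, refusing to start\n", stderr);
        return 1;
    }
    /* Only now would a GUI program call gtk_init(&argc, &argv). */
    printf("started setid: %d, now uid=%ld euid=%ld\n",
           was_setid, (long)getuid(), (long)geteuid());
    return 0;
}
```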