Re: Getting root privilege



On Wed, 14 Feb 2001 JParker coinstar com wrote:

G'Day !

Good article that gives you a general idea of how to change user
privileges.  It's a security article, so it explains potential exploits
also  :-)

http://www.linuxfocus.org/English/January2001/article182.shtml
<...>

I have only briefly skimmed the article, but in general having GTK
applications setuid to root is something which should be avoided if at all
possible (the GTK library was not designed for this purpose, so there
could be all sorts of security holes in there).

In most cases it should be possible to avoid having a GTK application
setuid to root.  If you need access to specific /dev entries, then you can
make the app setgid instead, which removes some of the risk involved.
Otherwise, it might be worth considering using a helper which runs setuid
root and does not call GTK, passing control information over a Unix
socket or a pipe to the GTK app instead (and being very careful with its
input).

Jonathan
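
The helper side of the design described in the reply above, as an added example that is not part of the original message: a setuid-root helper that never links GTK, accepts only fixed requests from the GUI over a pipe, and gives up root once its privileged resource is open. The command names, MAX_REQ and the function names are assumptions made for illustration.

```c
#include <string.h>
#include <unistd.h>

#define MAX_REQ 16   /* longest request line kept (newline excluded); assumed limit */

/* Hypothetical command set; a real helper lists only what the GUI needs. */
enum cmd { CMD_INVALID = -1, CMD_STATUS, CMD_EJECT, CMD_QUIT };

/* Map one request (newline already stripped) to a command.
 * Only exact, full-length matches pass; there is no prefix matching. */
enum cmd parse_request(const char *buf, size_t len)
{
    static const char *const names[] = { "STATUS", "EJECT", "QUIT" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        if (len == strlen(names[i]) && memcmp(buf, names[i], len) == 0)
            return (enum cmd)i;
    return CMD_INVALID;
}

/* Read one '\n'-terminated request from the GUI's pipe, a byte at a time so
 * nothing beyond the newline is consumed. An overlong line is drained to its
 * newline and refused, never truncated; EOF or a read error is refused too. */
enum cmd read_request(int fd)
{
    char buf[MAX_REQ], c;
    size_t n = 0;
    int overflow = 0;
    while (read(fd, &c, 1) == 1) {
        if (c == '\n')
            return overflow ? CMD_INVALID : parse_request(buf, n);
        if (n < sizeof buf)
            buf[n++] = c;
        else
            overflow = 1;
    }
    return CMD_INVALID;
}

/* Give up root for good once the privileged resource (e.g. a /dev node) is
 * open. Group first: after setuid() the process can no longer change gid. */
int drop_privileges(void)
{
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
        return -1;
    if (getuid() != 0 && setuid(0) == 0)
        return -1;   /* root could be regained: fail closed */
    return 0;
}
```

The helper would call drop_privileges() before its first read_request(), so that no input from the GUI is ever parsed while the process still holds root.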






