Re: gtk+ security hole. (fwd)

From: Erik Mouw <J A K Mouw ITS TUDelft NL>
To: Havoc Pennington <hp redhat com>, otaylor redhat com
Cc: Alan Olsen <alan clueserver org>, gtk-devel-list gnome org
Subject: Re: gtk+ security hole. (fwd)
Date: Wed, 3 Jan 2001 19:46:53 +0100

On Wed, Jan 03, 2001 at 12:36:47AM -0500, Havoc Pennington wrote:
> Alan Olsen <alan clueserver org> writes:
> > This was the proposed fix for the problem. Use or discard as you see
> > fit...
> > 
> 
> This "hole" has come up a number of times, it is a known feature of
> GTK+. The official position is that it is not a bug. Owen wrote
> up an Official Final Answer On Why This Is Not A Bug to post to
> Bugtraq tomorrow.

OK, thanks for the explanation Owen, it just came by on BugTraq. Is the
URL you put in the message (http://www.gtk.org/setuid.html) somewhere
linked from the GTK+ site? I couldn't find it, but I admit I gave up
after the FAQ and the tutorial ;-).


Erik

-- 
J.A.K. (Erik) Mouw, Information and Communication Theory Group, Department
of Electrical Engineering, Faculty of Information Technology and Systems,
Delft University of Technology, PO BOX 5031,  2600 GA Delft, The Netherlands
Phone: +31-15-2783635  Fax: +31-15-2781843  Email: J A K Mouw its tudelft nl
WWW: http://www-ict.its.tudelft.nl/~erik/

Follow-Ups:
- Re: gtk+ security hole. (fwd)
  - From: Trog

References:
- Re: gtk+ security hole. (fwd)
  - From: Alan Olsen
- Re: gtk+ security hole. (fwd)
  - From: Havoc Pennington

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]