How safe is GTK?



As some of you know, I have written a traceroute replacement which
happens to have a GTK+ front-end.  (See http://www.mkimball.org/mtr.html).
Since it needs access to raw sockets to deal with ICMP packets, it
needs to run as root, at least long enough to request an IPPROTO_RAW
socket.

By default, 'make install' for mtr installs the binary as suid-root
so that ordinary users can run it.  Now, as mtr gets closer to 1.0, I
am starting to think seriously about the security issues.  Currently I
am linking to libgtk and GTK+ code is being executed with root
permissions, even when a user starts the program.

Is this a Bad Idea(tm)?  Or is it only a "Well, if you absolutely have
to do it, it might be OK.  But be nervous."?

Now in the case of mtr it really isn't necessary.  I can get the raw
sockets, and then drop to user permissions.  (And I am about to change
the code to do this).

But, I still wonder, how safe is GTK?  What if a program absolutely
needed to have root permissions the entire time?  Has anyone ever
audited the GTK code for security?

-- 
Matt Kimball
mkimball@xmission.com
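The "get the raw socket, then drop to user permissions" ordering the post describes, as an added example that is not mtr's own code: root is used only to open the ICMP raw socket, and is given up permanently before any libgtk code would run. The function names drop_privileges and still_privileged are my own, and the check that root cannot be regained is the caveat a practitioner wants before handing control to a large library.

```c
/* Added example: acquire the one privileged resource, then drop root
 * before initialising the GUI toolkit.  Not code from mtr. */
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up root: the group goes first (it needs privilege to
 * change), then the user.  Returns 0 on success, -1 if the drop failed or
 * root could still be regained; the caller must not continue in that case. */
int drop_privileges(void)
{
    uid_t real_uid = getuid();
    gid_t real_gid = getgid();

    if (setgid(real_gid) != 0)
        return -1;
    if (setuid(real_uid) != 0)
        return -1;
    /* As root, setuid() resets the saved set-user-ID too, so a later
     * setuid(0) must fail.  If it succeeds, the drop was not permanent. */
    if (real_uid != 0 && setuid(0) != -1)
        return -1;
    return 0;
}

/* True if either the real or the effective user ID is still root. */
int still_privileged(void)
{
    return geteuid() == 0 || getuid() == 0;
}

int main(void)
{
    /* Step 1: the only thing root is needed for. */
    int raw = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    int saved_errno = errno;

    /* Step 2: drop root unconditionally, before touching libgtk. */
    if (drop_privileges() != 0) {
        fprintf(stderr, "cannot drop privileges, aborting\n");
        return 1;
    }
    if (raw < 0) {
        fprintf(stderr, "raw socket: %s (needs suid-root or root)\n",
                strerror(saved_errno));
        return 1;
    }
    /* Step 3: only here would gtk_init() and the UI run, with the raw
     * socket descriptor kept open for ICMP I/O as an unprivileged user. */
    printf("raw socket fd %d held, euid now %d\n", raw, (int)geteuid());
    close(raw);
    return 0;
}
```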
