Re: [gtk-list] How safe is GTK?

From: robert havoc pennington <rhpennin midway uchicago edu>
To: gtk-list redhat com
Subject: Re: [gtk-list] How safe is GTK?
Date: Mon, 11 May 1998 21:15:22 -0500 (CDT)

On Mon, 11 May 1998, Matt Kimball wrote:
>
> By the default 'make install' for mtr installs the binary as suid-root
> so that ordinary users can run it.  Now, as mtr gets closer to 1.0, I
> am starting to think seriously about the security issues.  Currently I
> am linking to libgtk and GTK+ code is being executed with root
> permissions, even when a user starts the program.
> 
> Is this a Bad Idea(tm)?  Or is it only a "Well, if you absolutely have
> to do it, it might be OK.  But be nervous."?
> 

There was a thread on gnome-list where Owen and Alan Cox both said this
was indeed a Bad Idea.

The solution is to use the program as root or use it via su. Or fix gsu in
the Gnome CVS tree, if you want all-GUI operation. The gnome-list thread
concluded that the simple gsu fix is to hack traditional su so that it
reads a password off stdin, then make a Gtk wrapper for the hacked su; the
hard gsu fix is something involving PAM that the Red Hat Labs people can
probably tell you about. The stdin fix is trivial but I haven't done it
since it would ideally involve correspondence with the upstream su
maintainer to get the changes merged, and people asked for PAM anyway; I
have no idea what the PAM fix would involve so I haven't done that either.
A volunteer is needed who understands all the issues.

Havoc Pennington ==== http://pobox.com/~hp

Follow-Ups:
- Re: [gtk-list] Re: How safe is GTK?
  - From: Eivind Kvedalen

References:
- How safe is GTK?
  - From: Matt Kimball

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]