Re: [gtk-list] Re: gtkrc
- From: Tim Janik <timj gtk org>
- To: gtk-list redhat com
- Subject: Re: [gtk-list] Re: gtkrc
- Date: Fri, 16 Apr 1999 23:41:53 +0200 (CEST)
On Fri, 16 Apr 1999, Paul Barton-Davis wrote:
> In message <Pine.BSF.4.02A.9904151829530.25828-100000@zirx.pair.com> you write:
> >
> >On Thu, 15 Apr 1999, Erik Mouw wrote:
> >> >
> >> > Is that strictly true? What if the GTK app is suid root?
> >>
> >> Is GTK safe enough to be used in suid root programs?
> >>
> >
> >No. Doing so would be a terrible idea (even if every effort had been made
> >to make Gtk safe enough - it's a huge amount of code that has no reason to
> >be suid).
>
> What about a program that wants to use POSIX RT scheduling?
>
> The stuff I'm working on is just such a beast. It's multithreaded, and
> relinquishes all privilege once it's got RT scheduling established,
> right now, gtk_init() is being called very early when it's still euid = 0.
>
> Should I change this?
yes definitely, especially since gtk+ allows loading of additional modules.
so in theory users could use your program as a trampoline to execute
any code with the userid that your program has when you call gtk_init().
(we've had some discussions on this topic in the past, and the general
consensus was that if you need suid privileges, you'd better not use
any gtk/gdk at all).
>
> --p
>
---
ciaoTJ
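
The ordering recommended in the reply above, as an added example that is not part of the original thread or of GTK: take real-time scheduling while still euid 0, drop the set-uid identity permanently, verify it cannot be regained, and only then initialise the toolkit. The function names and the priority value are assumptions, and gtk_init() appears only as a comment so the program builds without GTK.

```c
#include <sched.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Request POSIX real-time scheduling; this is the only step needing root. */
static int acquire_rt(int priority)
{
    struct sched_param sp = { .sched_priority = priority };
    return sched_setscheduler(0, SCHED_FIFO, &sp);
}

/* Permanently return to the invoking user's identity. The group goes first:
 * once the uid is dropped the process may no longer change its gid. For a
 * set-uid-root binary, setuid() resets real, effective and saved uid. */
static int drop_privileges(void)
{
    if (setgid(getgid()) != 0)
        return -1;
    return setuid(getuid());
}

/* 1 only when no elevated id is left and the starting ids cannot be taken
 * back; an unprivileged setuid()/setgid() succeeds only via a saved id. */
static int safe_for_toolkit_init(uid_t start_euid, gid_t start_egid)
{
    if (geteuid() != getuid() || getegid() != getgid())
        return 0;
    if (start_euid != getuid() && setuid(start_euid) == 0)
        return 0;
    if (start_egid != getgid() && setgid(start_egid) == 0)
        return 0;
    return 1;
}

int main(void)
{
    uid_t start_euid = geteuid();
    gid_t start_egid = getegid();

    if (acquire_rt(10) != 0)   /* priority 10 is an assumed sample value */
        perror("sched_setscheduler");
    if (drop_privileges() != 0 || !safe_for_toolkit_init(start_euid, start_egid)) {
        fprintf(stderr, "privileges not fully dropped, refusing to start GUI\n");
        return 1;
    }
    /* Only here would gtk_init(&argc, &argv) be called. */
    puts("unprivileged: toolkit initialisation may proceed");
    return 0;
}
```

The check also catches a binary that is set-uid to a non-root account, where a plain setuid() leaves the saved uid in place and the drop is therefore reversible.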