On Mon, 05 Mar 2001 14:10:29 EST, Havoc Pennington said: > Right. Adding something like a GTK_ALLOW_INSECURE environment variable > doesn't seem like a terrible idea, though it's too late to do so for > 1.2.9. Wrong. A hacker can just say 'export GTK_ALLOW_INSECURE' and then run his exploit. A better solution would be to have a global variable inside the GTK libs that the application itself could set if it was willing to take the risks. -- Valdis Kletnieks Operating Systems Analyst Virginia Tech
Attachment:
pgp266cUMkEyV.pgp
Description: PGP signature