Re: gtk+-1.2.10
- From: Owen Taylor <otaylor redhat com>
- To: "J. Ali Harlow" <gtk-list optosun7 city ac uk>
- Cc: gtk-list gnome org
- Subject: Re: gtk+-1.2.10
- Date: 13 Mar 2001 23:08:50 -0500
"J. Ali Harlow" <gtk-list optosun7 city ac uk> writes:
> On Sun, 11 Mar 2001, Owen Taylor wrote:
> > There will be a 1.2.10 out soon with this and some other minor fixes,
> > and I think also a doc / configure change to tell people that
> > --with-xinput=gxi is use-at-your-own risk stuff.
>
> Good to know. Have the GTK+ team come to a view on a mechanism to override the
> setguid check? If not, is there any chance you could do so before 1.2.10 is
> released? I'll happily log a bug if that would be appropriate.

Please repeat after me:

 By making the GTK+ application run setgid, you would make the files,
 and all other files and directories owned by that user
 world writeable for all practical purposes.

Do you still need a mechanism other than simply making the files
world writeable knowing that?

With the setgid operation you had with GTK+-1.2.8, any user can change
any of their saved games, any of the score files, and any of
any other user's saved games.

With a change to the permissions, and no setgid operation, you
would at least remove the ability to change other users' saved
games.

Please just fix your application. In the quick look I took, the GTK+
frontend is only 7000 lines or so, with a strong separation between
that and the core. Splitting that apart into a separate process
is simply not that hard.

Regards,
 Owen

[ The only workaround that I'd even consider is Havoc's
 suggestion of an environment variable like:

 GTK_ENABLE_SETUGID_HAXORING

 Though it would worry me that people who don't understand
 setugid GTK+ is equivalent to a setugid shell would try
 to set that from their source code. ]
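
The process split recommended in the message above, sketched as an added example (not part of the original message and not GTK+ or application code): the frontend child drops its setgid identity before any toolkit code would run, and the privileged parent validates each record before touching the score file. The function names, the pipe transport and the "name score" record format are assumptions made for illustration.

```c
/* Added example; function names and the record format are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Nonzero when real and effective IDs differ, i.e. a setuid/setgid start. */
int running_setugid(void) {
    return getuid() != geteuid() || getgid() != getegid();
}

/* Drop group, then user identity; setting the real ID also resets the saved ID. */
int drop_privileges(void) {
    if (setregid(getgid(), getgid()) != 0) return -1;
    if (setreuid(getuid(), getuid()) != 0) return -1;
    return running_setugid() ? -1 : 0;
}

/* Core side: accept only "<name> <score>" with a short name and a sane score. */
int parse_score(const char *line, char name[17], long *score) {
    char tail;
    if (sscanf(line, "%16[A-Za-z0-9_] %ld %c", name, score, &tail) != 2) return -1;
    return (*score < 0 || *score > 999999999L) ? -1 : 0;
}

/* Fork the frontend unprivileged; the parent validates what it sends and
 * is the only process that ever opens the score file. Returns 0 if stored. */
int run_split(const char *frontend_msg, const char *score_path) {
    int fds[2];
    char buf[64] = {0}, name[17];
    long score;
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                            /* child: the GUI frontend */
        close(fds[0]);
        if (drop_privileges() != 0) _exit(1);  /* before any toolkit init */
        if (write(fds[1], frontend_msg, strlen(frontend_msg)) < 0) _exit(1);
        _exit(0);
    }
    close(fds[1]);                             /* parent: privileged core */
    ssize_t n = read(fds[0], buf, sizeof buf - 1);
    close(fds[0]);
    waitpid(pid, NULL, 0);
    if (n <= 0 || parse_score(buf, name, &score) != 0) return -1;
    FILE *f = fopen(score_path, "a");
    if (!f) return -1;
    fprintf(f, "%s %ld\n", name, score);
    return fclose(f) == 0 ? 0 : -1;
}
```
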