[18410] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: gtk+ security hole.

daemon@ATHENA.MIT.EDU (Rob Mosher)
Wed Jan 3 12:03:44 2001

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Message-Id:  <3A534071.6090007@lightning.net>
Date:         Wed, 3 Jan 2001 10:08:33 -0500
Reply-To: Rob Mosher <rmosher@LIGHTNING.NET>
From: Rob Mosher <rmosher@LIGHTNING.NET>
To: BUGTRAQ@SECURITYFOCUS.COM

my mistake on this one, should be:
if(geteuid() == getuid())

Rob Mosher wrote:

> A simple fix to this would be to drop priveleges before calling
> gtk_init(), another easy fix is to modify gtk itself, to do this you
> need to make the following modification of gtkmain.c.  In gtk-1.2.8 its
> at approximately line 215, you have:
>
>   env_string = getenv ("GTK_MODULES");
>
> add the following line above it:
>   if(geteuid() != getuid())



--
Rob Mosher
Lead Programmer / Systems Engineer
Lightning Internet Services, LLC


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[18410] in bugtraq

Re: gtk+ security hole.

daemon@ATHENA.MIT.EDU (Rob Mosher)Wed Jan 3 12:03:44 2001

daemon@ATHENA.MIT.EDU (Rob Mosher)
Wed Jan 3 12:03:44 2001