[18415] in bugtraq


Re: gtk+ security hole.

daemon@ATHENA.MIT.EDU (Kain)
Wed Jan 3 13:03:56 2001

Mail-Followup-To: BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
              protocol="application/pgp-signature"; boundary="lc9FT7cWel8HagAv"
Content-Disposition: inline
Message-Id:  <20010103020807.D1433@artemis.infodump.net>
Date:         Wed, 3 Jan 2001 02:08:08 -0600
Reply-To: Kain <kain@CHAOSIUM.NET>
From: Kain <kain@CHAOSIUM.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <3A524496.5090703@lightning.net>; from rmosher@LIGHTNING.NET on
              Tue, Jan 02, 2001 at 04:13:58PM -0500

--lc9FT7cWel8HagAv
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Jan 02, 2001 at 04:13:58PM -0500, Rob Mosher wrote:
> A simple fix to this would be to drop privileges before calling
> gtk_init(), another easy fix is to modify gtk itself, to do this you
> need to make the following modification of gtkmain.c.  In gtk-1.2.8 it's
> at approximately line 215, you have:
Is this bug also in the glib/gtk 2 code?  Bad things could also be done with
this by writing your own gtk-engine and putting your evil code to load in
.gtkrc...

I'm no toolkit expert, but with the theming support in Qt2, does it have
similar rendering-module support?

IMO, the best way to fix this would be to have libglib/gtk see if euid==0
and just ignore those variables on init, and quite possibly go so far as to
ignore "engine" lines in .gtkrcs or maybe filter them....
-- 
Art is a lie which makes us realize the truth.
                -- Picasso
**
Evil Genius
Bryon Roche, Kain <kain@chaosium.net>

--lc9FT7cWel8HagAv--
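
The mitigation proposed in the message above, sketched in C as an added example; it is not code from GTK+, glib or this thread. The names `ids_privileged`, `init_getenv` and `rc_names_engine` are hypothetical, the gtkrc syntax handled (`#` comments, double-quoted strings, a bare `engine` keyword) is an assumption, and comparing real and effective ids goes beyond the message's euid==0 test to cover set-id programs in general.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Privileged: euid 0 (the check the message proposes), or real and
 * effective ids differ, i.e. a set-id binary (added generalization). */
int ids_privileged(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return euid == 0 || ruid != euid || rgid != egid;
}

/* Environment lookup for init code: privileged callers always get NULL,
 * so user-controlled variables cannot steer what gets loaded. */
const char *init_getenv(const char *name, int privileged)
{
    return privileged ? NULL : getenv(name);
}

/* Returns 1 if rc text holds the bare keyword "engine" outside '#'
 * comments and double-quoted strings (assumed gtkrc syntax), else 0. */
int rc_names_engine(const char *s)
{
    while (*s) {
        if (*s == '#') {                      /* comment: skip to end of line */
            s += strcspn(s, "\n");
        } else if (*s == '"') {               /* string: skip to closing quote */
            for (s++; *s && *s != '"'; s++)
                if (*s == '\\' && s[1]) s++;  /* step over escaped character */
            if (*s) s++;
        } else if (isalpha((unsigned char)*s) || *s == '_') {
            size_t n = 1;                     /* measure the identifier */
            while (isalnum((unsigned char)s[n]) || s[n] == '_') n++;
            if (n == 6 && memcmp(s, "engine", 6) == 0) return 1;
            s += n;
        } else {
            s++;
        }
    }
    return 0;
}

/* Constructed sample: exit status 1 means "privileged, skip this user rc". */
int main(void)
{
    const char *rc = "style \"x\" {\n  engine \"demo\" { }\n}\n";
    int priv = ids_privileged(getuid(), geteuid(), getgid(), getegid());
    return (priv && rc_names_engine(rc)) ? 1 : 0;
}
```

The scanner only detects an engine directive so the caller can skip the whole file; dropping the `engine` line alone would leave an unbalanced block behind when the directive opens a brace.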
