1
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/loose.dtd">
5
>How do I write security sensitive/SUID/SGID programs with GTK+?
6
Is GTK+ secure? What's this GTK_MODULES security hole I heard about?
10
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
13
HREF="book1.html"><LINK
15
TITLE="Development with GTK+: the begining"
16
HREF="c387.html"><LINK
18
TITLE="How do I use the Glade GUI builder with GTK+? [GTK 2.x]"
19
HREF="x395.html"><LINK
21
TITLE="I tried to compile a small Hello World of mine,
22
but it failed. Any clue? [GTK 2.x]"
23
HREF="x409.html"></HEAD
34
SUMMARY="Header navigation table"
53
><<< Previous</A
59
>Development with GTK+: the begining</TD
67
>Next >>></A
80
>How do I write security sensitive/SUID/SGID programs with GTK+?
81
Is GTK+ secure? What's this GTK_MODULES security hole I heard about?
88
>The short answer to this question is: you can't, so don't write SUID/SGID
91
>GTK+ will refuse to run with elevated privileges, as it is not designed
92
to be used in this manner. The only correct way to write a setuid program with
93
a graphical user interface is to have a setuid backend that communicates with
94
the non-setuid graphical user interface via a mechanism such as a pipe and that
95
considers the input it receives to be untrusted.</P
97
>For a more thorough explanation of the GTK+ Developers position on
99
HREF="http://www.gtk.org/setuid.html"
101
>http://www.gtk.org/setuid.html</A
109
SUMMARY="Footer navigation table"
122
><<< Previous</A
140
>Next >>></A
148
>How do I use the Glade GUI builder with GTK+? <I
165
>I tried to compile a small <B
169
but it failed. Any clue? <I
b'\\ No newline at end of file'