Date: Wed, 3 Jan 2001 10:08:33 -0500 From: Rob Mosher <rmosher@LIGHTNING.NET> Subject: Re: gtk+ security hole. To: BUGTRAQ@SECURITYFOCUS.COM my mistake on this one, should be: if(geteuid() == getuid()) Rob Mosher wrote: > A simple fix to this would be to drop priveleges before calling > gtk_init(), another easy fix is to modify gtk itself, to do this you > need to make the following modification of gtkmain.c. In gtk-1.2.8 its > at approximately line 215, you have: > > env_string = getenv ("GTK_MODULES"); > > add the following line above it: > if(geteuid() != getuid()) -- Rob Mosher Lead Programmer / Systems Engineer Lightning Internet Services, LLC