Why GTK_MODULES is not a security hole

34

Author: JT Smith

“In the opinion of the GTK+ team, the only correct way to write a
setuid program with a graphical user interface is to have a setuid
backend that communicates with the non-setuid graphical user interface
via a mechanism such as a pipe and that considers the input it
receives to be untrusted.” More at LWN.net.

Category:

  • Linux