Re: information request regarding security issues with Gtk



Mordechai Ovits <movits bloomberg com> writes:
> I am trying to find information about potential security problems with Gtk.  
> Have any serious audits been done to the source code?  What problems can crop 
> up?

GTK should not be security-sensitive code. You've probably already
read:
 http://www.gtk.org/setuid.html

I'm not familiar with any other possible issues in GTK 1.2. The
development version (1.3.x) has some image loaders, there's a security
issue there for web browsers and the like reading images from the web;
before stable release an audit of those is likely. As with all
unstable software, 1.3.x should not yet be used in production.

Havoc




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]