Re: information request regarding security issues with Gtk

From: Havoc Pennington <hp redhat com>
To: Mordechai Ovits <movits bloomberg com>
Cc: gtk-devel-list gnome org
Subject: Re: information request regarding security issues with Gtk
Date: 30 May 2001 22:09:06 -0400

Mordechai Ovits <movits bloomberg com> writes:
> I am trying to find information about potential security problems with Gtk.  
> Have any serious audits been done to the source code?  What problems can crop 
> up?

GTK should not be security-sensitive code. You've probably already
read:
 http://www.gtk.org/setuid.html

I'm not familiar with any other possible issues in GTK 1.2. The
development version (1.3.x) has some image loaders, there's a security
issue there for web browsers and the like reading images from the web;
before stable release an audit of those is likely. As with all
unstable software, 1.3.x should not yet be used in production.

Havoc

References:
- information request regarding security issues with Gtk
  - From: Mordechai Ovits

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]