<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/loose.dtd"> <HTML ><HEAD ><TITLE >How do I write security sensitive/SUID/SGID programs with GTK+? Is GTK+ secure? What's this GTK_MODULES security hole I heard about? [GTK 2.x]</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK REL="HOME" TITLE="GTK+ FAQ" HREF="book1.html"><LINK REL="UP" TITLE="Development with GTK+: the begining" HREF="c377.html"><LINK REL="PREVIOUS" TITLE="How do I use the Glade GUI builder with GTK+? [GTK 2.x]" HREF="x385.html"><LINK REL="NEXT" TITLE="I tried to compile a small Hello World of mine, but it failed. Any clue? [GTK 2.x]" HREF="x399.html"></HEAD ><BODY CLASS="SECT1" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >GTK+ FAQ</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="x385.html" ACCESSKEY="P" ><<< Previous</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" >Development with GTK+: the begining</TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="x399.html" ACCESSKEY="N" >Next >>></A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A NAME="AEN392" >How do I write security sensitive/SUID/SGID programs with GTK+? Is GTK+ secure? What's this GTK_MODULES security hole I heard about? <I CLASS="EMPHASIS" >[GTK 2.x]</I ></A ></H1 ><P >The short answer to this question is: you can't, so don't write SUID/SGID programs with GTK+</P ><P >GTK+ will refuse to run with elevated privileges, as it is not designed to be used in this manner. The only correct way to write a setuid program with a graphical user interface is to have a setuid backend that communicates with the non-setuid graphical user interface via a mechanism such as a pipe and that considers the input it receives to be untrusted.</P ><P >For a more thorough explanation of the GTK+ Developers position on this issue see <A HREF="http://www.gtk.org/setuid.html" TARGET="_top" >http://www.gtk.org/setuid.html</A >.</P ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="x385.html" ACCESSKEY="P" ><<< Previous</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="book1.html" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="x399.html" ACCESSKEY="N" >Next >>></A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >How do I use the Glade GUI builder with GTK+? <I CLASS="EMPHASIS" >[GTK 2.x]</I ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="c377.html" ACCESSKEY="U" >Up</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >I tried to compile a small <B CLASS="COMMAND" >Hello World</B > of mine, but it failed. Any clue? <I CLASS="EMPHASIS" >[GTK 2.x]</I ></TD ></TR ></TABLE ></DIV ></BODY ></HTML >