Hi,

David Fries <[EMAIL PROTECTED]> writes:

> Currently the shared memory region that gimp uses to communicate to
> and from plugins is readable and writable by every user on the system.
> This is not good.  I don't know what data or control information gimp
> puts in this shared region, but someone could at least view or corrupt
> your working image.  Anyway it isn't too hard to fix.
> 
> As far as I know plugins can only be run as the same user id as the
> gimp.  Unless this isn't the case the following patch needs to be
> applied.
> 
> Index: plug-in/plug-in.c
> ===================================================================
> RCS file: /cvs/gnome/gimp/app/plug-in/plug-in.c,v
> retrieving revision 1.180
> diff -u -r1.180 plug-in.c
> --- plug-in/plug-in.c 2002/05/21 10:58:30     1.180
> +++ plug-in/plug-in.c 2002/06/12 02:16:58
> @@ -192,7 +192,7 @@
>     */
>    
>  #ifdef HAVE_SHM_H
> -  shm_ID = shmget (IPC_PRIVATE, TILE_WIDTH * TILE_HEIGHT * 4, IPC_CREAT | 0777);
> +  shm_ID = shmget (IPC_PRIVATE, TILE_WIDTH * TILE_HEIGHT * 4, IPC_CREAT | 0600);
>    
>    if (shm_ID == -1)
>      g_message ("shmget() failed: Disabling shared memory tile transport.");
> 
> -- 

I've changed this in both branches and I've also changed the configure
script to use the same permissions when checking if shared memory is
available. Looks as if we should do a 1.2.4 release soon.


Salut, Sven
_______________________________________________
Gimp-developer mailing list
[EMAIL PROTECTED]
http://lists.xcf.berkeley.edu/mailman/listinfo/gimp-developer

Reply via email to