On Thu, 13 Jun 2002, Marc Espie wrote:
> On Thu, Jun 13, 2002 at 05:48:58PM +0200, RaphaŽl Quinet wrote:
> > Also, I think that some old systems (AIX? HP-UX?) had problems with
> > shared memory segments unless they were created with the mode 777.
> > This is very vague and I cannot find any information about that, so
> > maybe this is just a brain fart on my part.
> This is quite possible, but it is no excuse to keep a security hole
> around. In the worst case, write a configure test, and resort to mode 777
> only if nothing else works.

It should default to no shared memory if the proper permissions don't
work.  (There could, of course, be a sufficiently omninous-sounding option
to configure that would use 777 if the correct permissions don't work; I
suggest --enable-shm-security-hole)

> In any case, if a plugin needs to be setuid, then it had better be
> written by somewhat security-conscious people (or you've got a whole
> larger set of problems...), so fixing a shared memory ownership issue
> on that end is going to be a breeze.

Never assume that just because someone makes something setuid they know
what they are doing.  (also don't assume it's always setuid root).


Gimp-developer mailing list

Reply via email to