On Thu, Jun 13, 2002 at 06:08:17PM -0700, Nathan Carl Summers wrote:
> > In any case, if a plugin needs to be setuid, then it had better be
> > written by somewhat security-conscious people (or you've got a whole
> > larger set of problems...), so fixing a shared memory ownership issue
> > on that end is going to be a breeze.
> Never assume that just because someone makes something setuid they know
> what they are doing.  (also don't assume it's always setuid root).
Maybe I should just post directly from my @openbsd.org address.
My comment was somewhat tongue-in-cheek.

OF COURSE, quite a few people write Unix programs not knowing what they're
doing. And sadly, quite a few people write setuid stuff not knowing
what they are doing, at all.  If this shm issue comes from some programmer
`needing it' for some setuid plugin of his, it is very obvious (and 
sad) that programmer doesn't know enough about Unix programming to be
writing setuid programs...
Gimp-developer mailing list

Reply via email to