Currently the shared memory region that gimp uses to communicate to and from plugins is readable and writable by every user on the system. This is not good. I don't know what data or control information gimp puts in this shared region, but someone could at least view or corrupt your working image. Anyway it isn't too hard to fix.
As far as I know plugins can only be run as the same user id as the
gimp. Unless this isn't the case the following patch needs to be
applied.
Index: plug-in/plug-in.c
===================================================================
RCS file: /cvs/gnome/gimp/app/plug-in/plug-in.c,v
retrieving revision 1.180
diff -u -r1.180 plug-in.c
--- plug-in/plug-in.c 2002/05/21 10:58:30 1.180
+++ plug-in/plug-in.c 2002/06/12 02:16:58
@@ -192,7 +192,7 @@
*/
#ifdef HAVE_SHM_H
- shm_ID = shmget (IPC_PRIVATE, TILE_WIDTH * TILE_HEIGHT * 4, IPC_CREAT | 0777);
+ shm_ID = shmget (IPC_PRIVATE, TILE_WIDTH * TILE_HEIGHT * 4, IPC_CREAT | 0600);
if (shm_ID == -1)
g_message ("shmget() failed: Disabling shared memory tile transport.");
--
+---------------------------------+
| David Fries |
| [EMAIL PROTECTED] |
| http://fries.net/~david/pgp.txt |
+---------------------------------+
msg02630/pgp00000.pgp
Description: PGP signature
