[pygtk] running pygtk application with root privileges
Johan Dahlin
jdahlin at async.com.br
Sat Mar 17 01:15:18 WST 2007
Miki wrote:
> Yeah , I did it with small C program that do setuid() and then running
> the pygtk program, and it's working great :)
Don't do that.
You'll still have all the backdoors, it's just that GTK+ can't discover that
you're actually running the program as a user and not as root.
If I am an unprivileged user on your system I can easily gain root access by
creating a small gtk module and pointing the GTK_MODULE environment variable
to it. Or write my own pixbuf loader module, etc etc.
--
Johan Dahlin <jdahlin at async.com.br>
Async Open Source
More information about the pygtk
mailing list