Gtk doesn't "break" with setgid. It refuses to run with more privileges
by design (to prevent ignorant users from breaking their security). You
cannot have secure UI libraries; they are just too large and complex (I
think Gtk is some 500 KLOCs) and rely on too many external libraries.

Gtk loads the following kinds of plugins dynamically at run-time:
- input methods
- text layout engines
- image loaders

E.g. theme engines are specified in theme rc files, and which rc file is
loaded can be specified with an environment variable.

As another commenter mentioned, the normal practice for things requiring
more privileges is to do them in a separate process.

Secure programs should:
- Not have any extra or dynamic dependencies
- Do only one thing and do it well so that they are as small / clean as
possible (= easy to audit)
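
The separate-process split the comment recommends, sketched in C as an added example (not part of the original comment and not Gtk code): a setgid program forks a small helper that keeps the extra group, drops its own privileges, and only then would initialise the UI toolkit. The score-file job, the one-integer request format and all function names are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Give up the extra IDs, group first. On Linux, setting the real ID through
   setregid()/setreuid() also resets the saved ID, so they cannot be regained. */
static int drop_privileges(void)
{
    gid_t g = getgid();
    uid_t u = getuid();
    if (setregid(g, g) != 0 || setreuid(u, u) != 0)
        return -1;
    /* A setuid/setgid start shows up as real IDs differing from effective IDs. */
    return (getuid() != geteuid() || getgid() != getegid()) ? -1 : 0;
}

/* Helper: keeps the elevated IDs and does one job, appending a validated score. */
static void helper(int sock, const char *path)
{
    int score, fd = open(path, O_WRONLY | O_APPEND | O_CREAT, 0660);
    while (fd >= 0 && read(sock, &score, sizeof score) == sizeof score) {
        char ok = score >= 0 && score <= 999999 && dprintf(fd, "%d\n", score) > 0;
        if (write(sock, &ok, 1) != 1)
            break;
    }
    _exit(0);
}

/* Fork the helper, then drop privileges before any UI library is initialised.
   Returns the socket to the helper, or -1. In a real setgid program the path
   is a compile-time constant, never user input or an environment variable. */
static int start_helper(const char *path)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    pid_t pid = fork();
    if (pid == 0) { close(sv[0]); helper(sv[1], path); }
    close(sv[1]);
    if (pid < 0 || drop_privileges() != 0) { close(sv[0]); return -1; }
    return sv[0];
}

/* UI side: 1 if the helper stored the score, 0 if it was rejected or on error. */
static int submit_score(int sock, int score)
{
    char ok = 0;
    return send(sock, &score, sizeof score, MSG_NOSIGNAL) == sizeof score
        && read(sock, &ok, 1) == 1 && ok;
}
```

The UI process never holds the file descriptor or the extra group, so nothing the toolkit loads at run time can reach the protected file except through the helper's single validated request.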
Copyright © 2017, Eklektix, Inc.