David Fries <dfries@xxxxxxxxxxxx> writes: > Currently the shared memory region that gimp uses to communicate to > and from plugins is readable and writable by every user on the system. > This is not good. I don't know what data or control information gimp > puts in this shared region, but someone could at least view or corrupt > your working image. Anyway it isn't too hard to fix. > > As far as I know plugins can only be run as the same user id as the > gimp. Unless this isn't the case the following patch needs to be > applied. Yes, the plug-ins are simply forked and thus have the same uid. The patch looks like the right thing to do to me. If nobody objects for some reason, it will be applied to both the stable and unstable trees. thanks for spotting this, --mitch
