Re: [Gimp-developer] gimp security bug, shared memory

Hi,

David Fries <dfries@xxxxxxxxxxxx> writes:

> Currently the shared memory region that gimp uses to communicate to
> and from plugins is readable and writable by every user on the system.
> This is not good.  I don't know what data or control information gimp
> puts in this shared region, but someone could at least view or corrupt
> your working image.  Anyway it isn't too hard to fix.
> 
> As far as I know plugins can only be run as the same user id as the
> gimp.  Unless this isn't the case the following patch needs to be
> applied.
> 
> Index: plug-in/plug-in.c
> ===================================================================
> RCS file: /cvs/gnome/gimp/app/plug-in/plug-in.c,v
> retrieving revision 1.180
> diff -u -r1.180 plug-in.c
> --- plug-in/plug-in.c	2002/05/21 10:58:30	1.180
> +++ plug-in/plug-in.c	2002/06/12 02:16:58
> @@ -192,7 +192,7 @@
>     */
>    
>  #ifdef HAVE_SHM_H
> -  shm_ID = shmget (IPC_PRIVATE, TILE_WIDTH * TILE_HEIGHT * 4, IPC_CREAT | 0777);
> +  shm_ID = shmget (IPC_PRIVATE, TILE_WIDTH * TILE_HEIGHT * 4, IPC_CREAT | 0600);
>    
>    if (shm_ID == -1)
>      g_message ("shmget() failed: Disabling shared memory tile transport.");
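Review bot: on the changed shmget() line the mode is a bare octal literal; spell it as S_IRUSR | S_IWUSR (or a named constant) and add a one-line comment that the segment is owner-only because plug-ins run under the same user id as the gimp, so a later edit does not widen it again. The g_message() in the failure branch just below reports no errno, so a shmget() failure cannot be diagnosed from the message; consider appending g_strerror (errno).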
> 
> -- 

I've changed this in both branches and I've also changed the configure
script to use the same permissions when checking if shared memory is
available. Looks as if we should do a 1.2.4 release soon.


Salut, Sven
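An added example, not part of the original messages or of GIMP's code: it reads a System V segment's permission bits with shmctl(IPC_STAT), flags any group/other access such as the 0777 mode discussed above, and tightens an existing segment to owner-only with IPC_SET. SEG_SIZE and all helper names are assumptions made for the illustration.

```c
/* Added example: audit and tighten SysV shared memory permissions. */
#include <stdio.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <sys/stat.h>

/* Assumed size, a stand-in for TILE_WIDTH * TILE_HEIGHT * 4. */
#define SEG_SIZE (64 * 64 * 4)

/* Create a private segment with the given mode; the caller removes it. */
int shm_create(int mode)
{
    return shmget(IPC_PRIVATE, SEG_SIZE, IPC_CREAT | mode);
}

/* Return the low nine permission bits of a segment, or -1 on error. */
int shm_mode(int id)
{
    struct shmid_ds ds;
    if (shmctl(id, IPC_STAT, &ds) == -1)
        return -1;
    return ds.shm_perm.mode & 0777;
}

/* 1 when group or other has any access, 0 when owner-only, -1 on error. */
int shm_exposed(int id)
{
    int mode = shm_mode(id);
    return mode == -1 ? -1 : (mode & (S_IRWXG | S_IRWXO)) != 0;
}

/* Restrict an existing segment to its owner (0600); 0 on success. */
int shm_restrict(int id)
{
    struct shmid_ds ds;
    if (shmctl(id, IPC_STAT, &ds) == -1)   /* keep current uid/gid */
        return -1;
    ds.shm_perm.mode = S_IRUSR | S_IWUSR;  /* IPC_SET uses the low 9 bits */
    return shmctl(id, IPC_SET, &ds);
}

int shm_remove(int id) { return shmctl(id, IPC_RMID, NULL); }

int main(void)
{
    int id = shm_create(0777);             /* mode from the pre-patch line */
    if (id == -1) { perror("shmget"); return 1; }
    printf("before: mode %o exposed=%d\n", shm_mode(id), shm_exposed(id));
    if (shm_restrict(id) == -1) perror("shmctl(IPC_SET)");
    printf("after:  mode %o exposed=%d\n", shm_mode(id), shm_exposed(id));
    return shm_remove(id) == -1;
}
```

shmget() does not apply the process umask, so the mode passed at creation is the mode the segment gets.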

