[fpc-pascal] Resource strings, passwords etc.

Mark Morgan Lloyd markMLl.fpc-pascal at telemetry.co.uk
Wed Jul 13 15:33:01 CEST 2016

Tony Whyman wrote:
> What's interested me is how this thread has almost looped back to a 
> recent thread on that steaming heap of brown stuff know as GTK and the 
> attitude of the programmers behind it.

It wasn't intentional :-)

> They make the point here that GTK is (too) complex and 
> difficult to analyse hence setuid (and setgid) is bad on the grounds 
> that no one knows how it could be mis-used.

> Assuming that this problem still exists in GTK2, it may get in the way 
> of what otherwise could be a good way to solve the original problem in 
> this thread.

There's certainly still problems setting running something setuid root, 
I can't speak for using a less-privileged user. I think you might be 
able to work around some (but not all) of the issues using capabilities.

The thing that I found most incredible about the attitude of the GTK 
developers was that they used the fact that Linux changes /internal/ 
interfaces as a precedent that they claimed justified their changing 
/external/ APIs (i.e. as available to application programmers).

Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk

[Opinions above are the author's, not those of his employers or colleagues]

More information about the fpc-pascal mailing list