[prev in list] [next in list] [prev in thread] [next in thread] 

List:       php-gtk-dev
Subject:    [PHP-GTK-DEV] GtkFileSelection security problem?
From:       24.51.119.192
Date:       2004-06-09 21:59:05
Message-ID: 20040609215906.41650.qmail () pb1 ! pair ! com
[Download RAW message or body]

I'm running a Linux box (Fedora Core 2), and I was working with the 
GtkFileSelection dialog, testing it and whatnot, when I stumbled across 
something rather odd.  I created a file and chown'd it to root.  Then, 
as a normal user, I opened the root-owned file using the 
GtkFileSelection dialog, and then, I opened the dialog again, chose the 
file, and clicked the delete button in the dialog.  It prompted me as to 
whether I wanted to delete it.  So, just to test it, I chose "Delete." 
It deleted the file.

I have tried it again with another file owned by root.  It continues to 
delete it.  It should not allow me to delete the file, but it is 
deleting it nonetheless.

BTW, I'm running PHP 4.3.7, if that makes a difference.

-- 
Regards,
  Ben Ramsey
  http://benramsey.com

---------------------------------------------------
http://www.phpcommunity.org/
Open Source, Open Community
Visit for more information or to join the movement.
---------------------------------------------------

-- 
PHP-GTK Development Mailing List (http://gtk.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[prev in list] [next in list] [prev in thread] [next in thread]