R-310: Gimp Security Vulnerabilities


 
12-24-2007

Several remote vulnerabilities have been discovered in Gimp, the GNU Image Manipulation Program, which might lead to the execution of arbitrary code. The risk is MEDIUM. Might lead to the execution of arbitrary code.


Net(3)							User Contributed Perl Documentation						    Net(3)

NAME
       Gimp::Net - Communication module for the gimp-perl server.

SYNOPSIS
         use Gimp;

DESCRIPTION
       For Gimp::Net (and thus commandline and remote scripts) to work, you
       first have to install the "Perl-Server" extension somewhere where Gimp
       can find it (e.g. in your .gimp/plug-ins/ directory). Usually this is
       done automatically while installing the Gimp extension. If you have a
       menu entry "<Xtns>/Perl-Server" then it is probably installed.

       The Perl-Server can either be started from the "<Xtns>" menu in Gimp,
       or automatically when a perl script can't find a running Perl-Server.

       When started from within The Gimp, the Perl-Server will create a unix
       domain socket to which local clients can connect. If an authorization
       password is given to the Perl-Server (by defining the environment
       variable "GIMP_HOST" before starting The Gimp), it will also listen on
       a tcp port (default 10009). Since the password is transmitted in
       cleartext, using the Perl-Server over tcp effectively lowers the
       security of your network to the level of telnet. Even worse: the
       current Gimp::Net-protocol can be used for denial of service attacks,
       i.e. crashing the Perl-Server. There also *might* be buffer-overflows
       (although I do care a lot for these).

ENVIRONMENT
       The environment variable "GIMP_HOST" specifies the default server to
       contact and/or the password to use. The syntax is
       [auth@][tcp/]hostname[:port] for tcp, [auth@]unix/local/socket/path
       for unix and spawn/ for a private gimp instance. Examples are:

        www.yahoo.com               # just kidding ;)
        yahoo.com:11100             # non-standard port
        tcp/yahoo.com               # make sure it uses tcp
        authorize@tcp/yahoo.com:123 # full-fledged specification

        unix/tmp/unx                # use unix domain socket
        password@unix/tmp/test      # additionally use a password

        authorize@                  # specify authorization only

        spawn/                      # use a private gimp instance
        spawn/nodata                # pass --no-data switch
        spawn/gui                   # don't pass -n switch

CALLBACKS
       net()
           is called after we have successfully connected to the server. Do
           your dirty work in this function, or see Gimp::Fu for a better
           solution.

FUNCTIONS
       server_quit()
           sends the perl server a quit command.

       get_connection()
           returns a connection id which uniquely identifies the current
           connection.

       set_connection(conn_id)
           sets the connection to use on subsequent commands. "conn_id" is
           the connection id as returned by get_connection().

BUGS
       (Ver 0.04) This module is much faster than it ought to be... Silly
       that I wondered whether I should implement it in perl or C, since perl
       is soo fast.

AUTHOR
       Marc Lehmann <pcg@goof.com>

SEE ALSO
       perl(1), Gimp.

perl v5.8.0                       2001-12-06                            Net(3)
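
An added example, not part of Gimp::Net or of the original man page: a small checker that parses a GIMP_HOST value using only the forms listed under ENVIRONMENT and reports the two risks DESCRIPTION names (a tcp listener once a password is set, and the cleartext password over tcp). The function names, the finding labels, the choice to split on the last "@" and the treatment of the unix path are assumptions of this sketch.

```python
import re
from typing import List, NamedTuple, Optional

DEFAULT_TCP_PORT = 10009  # default tcp port given in the man page

class GimpHost(NamedTuple):
    transport: str               # "tcp", "unix", "spawn" or "default"
    auth: Optional[str] = None   # password; cleartext when used over tcp
    host: Optional[str] = None
    port: Optional[int] = None
    path: Optional[str] = None   # unix socket path, or the option after "spawn/"

def parse_gimp_host(spec: str) -> GimpHost:
    """Parse a GIMP_HOST value using only the forms the man page documents."""
    # Assumption: everything before the last "@" is the password.
    auth, _, rest = spec.rpartition("@")
    auth = auth or None
    if rest == "":                      # "authorize@": authorization only
        return GimpHost("default", auth)
    if rest.startswith("spawn/"):       # private gimp instance
        return GimpHost("spawn", auth, path=rest[len("spawn/"):] or None)
    if rest.startswith("unix/"):        # assumption: path keeps the slash after "unix"
        return GimpHost("unix", auth, path=rest[len("unix"):])
    m = re.fullmatch(r"(?:tcp/)?([^/:@]+)(?::(\d+))?", rest)
    if m is None:
        raise ValueError(f"not a documented GIMP_HOST form: {spec!r}")
    return GimpHost("tcp", auth, m.group(1), int(m.group(2) or DEFAULT_TCP_PORT))

def audit_gimp_host(spec: str) -> List[str]:
    """Return the risks the man page itself names for this setting."""
    gh = parse_gimp_host(spec)
    findings = []
    if gh.auth:
        # With a password defined, the Perl-Server also listens on a tcp port.
        findings.append("perl-server-opens-tcp-listener")
    if gh.transport == "tcp":
        # Reachable over the network; the man page warns the protocol can
        # be used to crash the Perl-Server.
        findings.append("network-transport")
        if gh.auth:
            findings.append("password-sent-in-cleartext")
    return findings

# The example values from the ENVIRONMENT section of the man page.
MAN_PAGE_EXAMPLES = ["www.yahoo.com", "yahoo.com:11100", "tcp/yahoo.com",
                     "authorize@tcp/yahoo.com:123", "unix/tmp/unx",
                     "password@unix/tmp/test", "authorize@", "spawn/",
                     "spawn/nodata", "spawn/gui"]

if __name__ == "__main__":
    for value in MAN_PAGE_EXAMPLES:
        print(f"{value!r:32} {parse_gimp_host(value).transport:8} {audit_gimp_host(value)}")
```

Run against the environment a Gimp session is started from, an empty result means a unix-socket or private-instance setting with no password defined.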