On 2020-02-23 22:10, marc wrote:
> If I understand you correctly, you propose a simple gtk
> program that is setuid (so that it can read /etc/shadow, and
> grant root privileges). The problem is that there is no such
> thing as a simple gtk program. This is not comment limited to
> gtk programs - most graphical toolkits and libraries present
> a pretty large attack surface - they contain large protocol
> interpreters and font rendering engines, flaws in which could
> then be exploited to give root access without any password
> whatsoever.

The author of XScreenSaver, Jamie Zawinski, has some FAQ [1] entries and a separate page [2] explaining why he never used GTK or other graphical toolkits for XScreenSaver development. Perhaps some of those ideas may be relevant to this gkexec project?

[1] https://www.jwz.org/xscreensaver/faq.html#toolkits
[2] https://www.jwz.org/xscreensaver/toolkits.html

—Tom