Subject: Re: glib/gtk update?
To: None <M.Drochner@fz-juelich.de>
From: Dan Winship <danw@ximian.com>
List: tech-pkg
Date: 03/09/2001 23:54:17
> The new gtk-1.2.9 explicitly refuses to run in SUID programs.
> While it is probably not a good idea to run X apps as SUID
> anyway...
> ...
> c) update but comment out the SUID detection code in gtk
> d) update gtk but keep the old version as gtk-old or so,
>    make xcdroast use the old stuff

Gtk is not "probably not" SUID safe, it's guaranteed not safe or your
money back (because themes can be dynamically-loaded libraries and they
don't need to be installed anywhere special, so you just write a trojan
theme that runs "xterm -e /bin/sh" when it's asked to draw something,
and you're done.) And there's even sample code to do that in bugtraq
somewhere. So (c) and (d) are bad.

-- Dan
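
An added illustration, not part of the message above and not GTK's source: a set-id check of the kind the thread refers to, together with a permanent privilege drop that a program would perform after its privileged setup and before initialising a toolkit that loads modules such as themes. All function names are hypothetical.

```c
/* Added example; not GTK's code. Function names are hypothetical. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* A process runs set-id when its real and effective IDs differ. */
int ids_differ(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

int running_setid(void)
{
    return ids_differ(getuid(), geteuid(), getgid(), getegid());
}

/* Give up elevated IDs for good. Group first: once the user ID is
 * dropped the process may no longer be allowed to change its group.
 * Returns 0 only if the old IDs can no longer be regained. */
int drop_privileges(void)
{
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid(), egid = getegid();

    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* For a root-owned binary setuid() also clears the saved ID. For a
     * non-root owner the saved ID survives; the checks below catch that
     * and report failure instead of continuing with a reversible drop. */
    if (euid != ruid && setuid(euid) == 0)
        return -1;
    if (egid != rgid && setgid(egid) == 0)
        return -1;
    return running_setid() ? -1 : 0;
}

int main(void)
{
    /* Privileged setup (for example opening a device) would go here. */
    if (drop_privileges() != 0) {
        fprintf(stderr, "cannot drop privileges, refusing to start UI\n");
        return 1;
    }
    /* Only now may code that loads user-supplied modules be initialised. */
    printf("set-id after drop: %d\n", running_setid());
    return 0;
}
```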