Some themes try to access files in /home/raster: [teg@halden themes]$ find -type f |xargs grep /home/raster ./BeCool/gtk/gtkrc:#module_path ".:/home/raster/themes" ./Gradient/gtk/gtkrc:#module_path ".:/home/raster/themes" ./Notif/gtk/gtkrc:#module_path ".:/home/raster/themes" ./Notif/gtk/gtkrc:pixmap_path ".:/home/raster/themes" ./Pixmap/gtk/gtkrc:#module_path ".:/home/raster/themes" ./Redmond95/gtk/gtkrc:#module_path ".:/home/raster/themes" ./Redmond95/gtk/gtkrc:pixmap_path ".:/home/raster/themes" [teg@halden themes]$ I discovered this when my computer tried mounting that directory... Nalin, being the paranoid security guy he is, wonders if this means someone owning that directory could explot this securitywise...
Fixed in gtk-engines-0.10-11. I don't believe there is a real security issue: a) The attacker would have to own /home/raster, which probably means they are root. b) There would have to be an exploitable buffer overflow in libjpeg or libpng, which would be a bigger problem for other reasons. (like email attachments)