On Thu, Dec 06, 2007 at 09:56:59AM -0500, Douglas A. Tutty wrote: > I don't have previous threads stored on my box, so I can't link this > into the right thread. > > There was a thread in the last few days from someone who felt that they > need to run the westnoth game as root to access some kind of > framebuffer. > > As a concrete example of why this should be avoided, I note today's > security announcement on the game that there is a bug which allows an > attacker to read any file to which the user running the game has access. > > Some attacker could have read the shadow-password file (heh, the whole > /etc), crack all the passwords, and just be waiting for ssh to open port > 22. Pubkey wouldn't help since they'd also have read your ~/.ssh/ > > Doug. > > I figured out my problem and fixed it actually, and I stopped running everything through sudo. The only things I use sudo for now is iptables, halt and reboot (So that I don't have to type a password just to use those). Thanks for the heads up though, very much appreciated. -- If programmers deserve to be rewarded for creating innovative programs, by the same token they deserve to be punished if they restrict the use of these programs. - Richard Stallman
Attachment:
signature.asc
Description: Digital signature