Re: /var/games/package must be 770
On Fri, Mar 01, 2002 at 03:04:20PM +0100, Bill Allombert wrote:
> On Fri, Mar 01, 2002 at 09:06:16AM +0100, Eric Van Buggenhaut wrote:
> > On Wed, Feb 27, 2002 at 05:47:42PM +0100, Bill Allombert wrote:
> > > This is a minor security problem: if the highscore is always
> > > created by root, /var/games/<package>/ can be 755 as well.
> > > Else there is the risk the high score files become owned by a
> > > normal user. Since the directory is 775 and not 770, this user
> > > can overwrite the highscore file and create security problems.
> > >
> >
> > Sorry, I'm losing you here. If the dir is 775, then root and group
> > games can read-write the files within this and others may read these
> > files but certainly not overwrite them.
> >
> > How do you see it a problem that normal users may _read_ high score files ?
>
> When you run a setgid binary you still own the files you create. When you own a file you
> can overwrite it *unless* it is in a directory you cannot chdir into.
>
> There is no way to allow a user to read a file he owns but to disallow him to
> overwrite it.
>
> So either highscore files are created owned by root at the installation of the
> game and there is no reason to have the directory writable by games, or they
> are created by the first user who plays the game and then they should be in a 770
> (or 774) directory.
>
Here's my setup for crafty and I don't see any security flaw:
[eric@femto]$ ls -ld /var/lib/crafty/
drwxr-xr-x 3 root root 1024 fév 28 12:21 /var/lib/crafty/
[eric@femto]$ ls -l /var/lib/crafty/
total 4490
-rw-rw-r-- 1 root games 4442112 fév 28 12:19 book.bin
-rw-rw-r-- 1 root games 1 mar 1 18:57 book.lrn
-rw-rw-r-- 1 root games 132528 fév 28 12:19 books.bin
-rw-rw-r-- 1 root games 8 fév 28 12:01 position.bin
drwxr-xr-x 2 root games 1024 fév 28 12:21 TB
[eric@femto]$ echo 'test' > /var/lib/crafty/book.lrn
[eric@femto]$ less /var/lib/crafty/book.lrn
test
[eric@femto]$ ls -l /var/lib/crafty/book.lrn
-rw-rw-r-- 1 root games 5 mar 1 19:09 /var/lib/crafty/book.lrn
[eric@femto]$ rm -f /var/lib/crafty/book.lrn
[eric@femto]$ rm -f /var/lib/crafty/book.lrn
rm: cannot unlink `/var/lib/crafty/book.lrn': Permission denied
I can write to the opening books files, but I can't change their permission, their ownership, nor can I delete them.
Where does the problem reside, IYO ?
--
Eric VAN BUGGENHAUT "Hay tampones y tampones..." (Eva Serrano)
Andago
\_|_/ Av. Santa Engracia, 54
\/ \/ E-28010 Madrid - tfno:+34(91)2041100
a n d a g o |-- http://www.andago.com
/\___/\ "Innovando en Internet"
/ | \ eric@andago.com
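
Added example, not part of either message: a small audit for the case Bill describes, where a score file ends up owned by the player who created it through the setgid binary. The function name `owner_rewritable` and the `trusted_uids` parameter are hypothetical, and the check assumes the player is neither the directory's owner nor in its group and that parent directories are traversable.

```python
import os
import stat


def owner_rewritable(directory, trusted_uids=frozenset({0})):
    """List files in `directory` that their owner can reach and rewrite
    without going through the setgid game binary.

    Returns a list of (path, owner_uid, mode) tuples.
    """
    findings = []
    dir_mode = os.stat(directory).st_mode

    # Mode 770 or 774: no search (x) bit for "other", so a player outside
    # the directory's group cannot resolve paths inside it once the
    # setgid binary has exited. Nothing in it is reachable by its owner.
    if not dir_mode & stat.S_IXOTH:
        return findings

    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            continue
        # Files owned by a trusted uid (root by default) cannot be
        # chmod'ed by a player, which is the situation in the crafty listing.
        if st.st_uid in trusted_uids:
            continue
        # The file's own mode is not used as a filter: the owner can
        # always chmod the file to writable and then overwrite it.
        findings.append((path, st.st_uid, stat.S_IMODE(st.st_mode)))
    return findings


if __name__ == "__main__":
    import tempfile

    # Constructed sample tree standing in for /var/games/<package>.
    d = tempfile.mkdtemp()
    open(os.path.join(d, "scores"), "w").close()
    for mode in (0o775, 0o770):
        os.chmod(d, mode)
        hits = owner_rewritable(d, trusted_uids=frozenset())
        print(oct(mode), [os.path.basename(p) for p, _, _ in hits])
```

The demo passes an empty `trusted_uids` so the result is the same whether it runs as root or as a normal user.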