Re: setuid/setgid binaries contained in the Debian repository.
On Thu, Jul 31, 2003 at 06:37:53PM +0100, Steve Kemp wrote:
> On Thu, Jul 31, 2003 at 12:55:28PM -0400, Joey Hess wrote:
>
> > I'd like to see us move all of our setgid games (except, perhaps,
> > nethack) away from using global score files by default.
>
> I think that should be a good option, but I can see several
> games that might suffer by it.
>
> I'm loath to ask the user if it should be setgid in the installer
> because that's just needless distraction, but perhaps some global
> 'setgidnes' setting could be stored in /etc/games?
Personally, I would lean more towards having a setgid helper which writes to
the game's score file. It is possible to audit such helpers completely in a
short amount of time, and I feel that it would be far better to open
ourselves up to letting users forge their own high scores than to the
current exposures which are possible through group games.
--
- mdz
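
The setgid helper design proposed in the message above, sketched as an added example; it is not code from the thread or from any Debian package. The score directory, the `<game>.scores` file naming and the `<uid> <score>` record format are assumptions.

```c
/* Added example; SCORE_DIR, "<game>.scores" and "<uid> <score>" are assumptions. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#define SCORE_DIR "/var/games"   /* assumed location of packaged score files */

/* Accept only short lowercase alphanumeric names: no '/', '.', or path syntax. */
int valid_game_name(const char *s) {
    size_t n = strlen(s);
    if (n == 0 || n > 32) return 0;
    for (size_t i = 0; i < n; i++)
        if (!islower((unsigned char)s[i]) && !isdigit((unsigned char)s[i])) return 0;
    return 1;
}
/* Strict decimal parse; returns the score, or -1 on any malformed input. */
long parse_score(const char *s) {
    char *end;
    if (!isdigit((unsigned char)s[0])) return -1;   /* rejects sign, space, empty */
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0' || v > 999999999L) return -1;
    return v;
}
/* Append one record to an existing score file under dir; 0 on success. */
int append_score(const char *dir, const char *game, long score) {
    char path[256], line[64];
    if (!valid_game_name(game) || score < 0) return -1;
    int n = snprintf(path, sizeof path, "%s/%s.scores", dir, game);
    if (n < 0 || n >= (int)sizeof path) return -1;
    /* No O_CREAT: the package ships the file. O_NOFOLLOW refuses symlinks. */
    int fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW);
    if (fd < 0) return -1;
    /* Identity comes from the kernel (real uid), never from the caller. */
    int len = snprintf(line, sizeof line, "%lu %ld\n", (unsigned long)getuid(), score);
    ssize_t w = write(fd, line, (size_t)len);
    close(fd);
    return w == len ? 0 : -1;
}
int main(int argc, char **argv) {
    if (argc != 3) return 2;     /* usage: helper <game> <score> */
    return append_score(SCORE_DIR, argv[1], parse_score(argv[2])) == 0 ? 0 : 1;
}
```

The game itself runs unprivileged and invokes this binary, so the code holding the games group is limited to these three functions; a user can still submit any score they like, which is the trade-off the message accepts.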