[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#3183: permissions problems with /var/lib/games

Austin Donnelly writes ("Bug#3183: permissions problems with /var/lib/games"):
> I would suggest:
>   drwxrwx--- games/games
> and then make all games setuid games or setgid games (with preference
> to being setgid).

The permissions on /var/lib/games should be drwxrwxr-x root.root.

This is so that each game can decide on its own security policy.  For
example, for some games it is good to be able to read the high score
table without needing a set-id program.

Games which need to keep score files, save games, &c, safe from prying
eyes and or fingers should be set-*g*id to games and use files and
directories with appropriate permissions.

They should *not* be set-*u*id games.  If they are then anyone who
manages to break the security of any game can get control of the
account of any game-player quite easily by trojanning a game binary,
rather than only getting control over all the games' saved data (and
possibly getting access to other players' accounts with considerably
more effort).


Reply to: