Re: Permissions for level files

To: "Ole J. Tetlie" <olet@ifi.uio.no>, debian-devel@lists.debian.org
Subject: Re: Permissions for level files
From: Joey Hess <joey@kitenet.net>
Date: Mon, 21 Sep 1998 14:03:35 -0700
Message-id: <[🔎] 19980921140335.I25170@kitenet.net>
Mail-followup-to: "Ole J. Tetlie" <olet@ifi.uio.no>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 87ogscnyo0.fsf@ifi.uio.no>; from Ole J. Tetlie on Sat, Sep 19, 1998 at 01:13:03PM +0200
References: <[🔎] 87ogscnyo0.fsf@ifi.uio.no>

Ole J. Tetlie wrote:
> I maintain rocks-n-diamonds. The game has a builtin level
> creator. Up to now I have used a special group to allow
> some users to edit levels and had the binary sgid games to
> allow writing to the hiscore file.
> 
> Now I want to get rid of the group rocksndiamonds. This means
> that all users will be able to edit the levels. Is this
> acceptable?

No, it might allow a cracker to get access to the account of another user
who played rocksndiamonds. (By finding some buffer overflow in the
level-reading code and constructing a level file that exploits it.)

-- 
see shy jo

Reply to:

Follow-Ups:
- Re: Permissions for level files
  - From: john@dhh.gt.org

References:
- Permissions for level files
  - From: olet@ifi.uio.no (Ole J. Tetlie)

Prev by Date: Re: Uploaded dpkg 1.4.0.28 (source i386 all) to master
Next by Date: Re: Uploaded dpkg 1.4.0.28 (source i386 all) to master
Previous by thread: Re: Permissions for level files
Next by thread: Re: Permissions for level files
Index(es):
- Date
- Thread