[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Permissions for level files

Ole J. Tetlie wrote:
> I maintain rocks-n-diamonds. The game has a builtin level
> creator. Up to now I have used a special group to allow
> some users to edit levels and had the binary sgid games to
> allow writing to the hiscore file.
> Now I want to get rid of the group rocksndiamonds. This means
> that all users will be able to edit the levels. Is this
> acceptable?

No, it might allow a cracker to get access to the account of another user
who played rocksndiamonds. (By finding some buffer overflow in the
level-reading code and constructing a level file that exploits it.)

see shy jo

Reply to: