Re: Permissions for level files
Ole J. Tetlie wrote:
> I maintain rocks-n-diamonds. The game has a builtin level
> creator. Up to now I have used a special group to allow
> some users to edit levels and had the binary sgid games to
> allow writing to the hiscore file.
>
> Now I want to get rid of the group rocksndiamonds. This means
> that all users will be able to edit the levels. Is this
> acceptable?
No, it might allow a cracker to get access to the account of another user
who played rocksndiamonds. (By finding some buffer overflow in the
level-reading code and constructing a level file that exploits it.)
--
see shy jo
Reply to: