Re: /var/games/package must be 770

To: debian-devel@lists.Debian.org
Cc: allomber@math.u-bordeaux.fr
Subject: Re: /var/games/package must be 770
From: Glenn Maynard <g_deb@zewt.org>
Date: Wed, 27 Feb 2002 16:22:30 -0500
Message-id: <[🔎] 20020227212230.GA28526@zewt.org>
Mail-followup-to: debian-devel@lists.Debian.org, allomber@math.u-bordeaux.fr
In-reply-to: <[🔎] 20020227174742.C12320@yellowpig>
References: <[🔎] 20020227174742.C12320@yellowpig>

On Wed, Feb 27, 2002 at 05:47:42PM +0100, Bill Allombert wrote:
> Policy 12.11 state that highscore files must be put in
> a directory with permission 770 root.games, and this is a

Nope.  It says "Each game decides on its own security policy."

> This is a minor security problem :  if the highscore is always

It's not a security problem.  It's a risk that people might put in fake
high scores.  (If you really want to call it "security", it's security
within the scope of a game, which doesn't really deserve any more
attention than any other normal bug, unlike real security problems.)

> drwxrwxr-x    2 root     games        4096 sep 22 02:41 bombardier
> drwxrwsr-x    3 root     games        4096 fév 20 14:50 falconseye
> drwxrwxr-x    2 root     games        4096 sep 28 16:28 omega-rpg
> drwxrwsr-x    2 root     games        4096 jui  3  2001 powermanga
> drwxrwsr-x    2 root     games        4096 sep 29 23:20 xpat2

All of these should be g+s, or the data files will be created with the
user's primary group.  If usergroups are on, that'll prevent anyone else 
from writing high scores.

-- 
Glenn Maynard

Reply to:

Follow-Ups:
- Re: /var/games/package must be 770
  - From: Bill Allombert <allomber@math.u-bordeaux.fr>

References:
- /var/games/package must be 770
  - From: Bill Allombert <allomber@math.u-bordeaux.fr>

Prev by Date: mozilla-*-cvs - is this wise?
Next by Date: Re: changing info on ITP
Previous by thread: /var/games/package must be 770
Next by thread: Re: /var/games/package must be 770
Index(es):
- Date
- Thread