Re: /var/games/package must be 770
On Thu, Feb 28, 2002 at 02:00:51PM +0100, Bill Allombert wrote:
> > > This is a minor security problem : if the highscore is always
> >
> > It's not a security problem. It's a risk that people might put in fake
> > high scores. (If you really want to call it "security", it's security
> > within the scope of a game, which doesn't really deserve any more
> > attention than any other normal bug, unlike real security problems.)
>
> It is a security problem. A user can overwrite the highscore files to exploit a
> buffer overflow in the game and wait for another user to play. A user can also
> store large file in it to escape quota on /home dir, or to break the /var
> partition, or to hide setuid binaries?, etc...
Stretching a little, but fair enough.
> > All of these should be g+s, or the data files will be created with the
> > user's primary group. If usergroups are on, that'll prevent anyone else
> > from writing high scores.
>
> Yes/no. You cannot overwrite the highscore, but you can remove it and recreate
> it if you are setgid game.
That depends on how the file is opened (and its permissions), but it's
pretty likely to break.
> Also the user writing the file will be the owner of
> the file, so he can overwrite it. But you are right, for most games it should
> be g+s.
The user writing the file won't be the owner of the file, unless he happens
to be the same person that originally ran the game which created it.
--
Glenn Maynard
Reply to: