
Re: /var/games/package must be 770



On Fri, Mar 01, 2002 at 09:06:16AM +0100, Eric Van Buggenhaut wrote:
> On Wed, Feb 27, 2002 at 05:47:42PM +0100, Bill Allombert wrote:
> > This is a minor security problem: if the highscore is always
> > created by root, /var/games/<package>/ can be 755 as well.
> > Else there is the risk the high score files become owned by a
> > normal user. Since the directory is 775 and not 770, this user
> > can overwrite the highscore file and create security problems.
> > 
> 
> Sorry, I'm losing you here. If the dir is 775, then root and group
> games can read-write the files within this and others may read these
> files but certainly not overwrite them.
> 
> How do you see it a problem that normal users may _read_ high score files?

When you run a setgid binary you still own the files you create. When you own
a file you can overwrite it *unless* it is in a directory you cannot chdir into.

There is no way to allow a user to read a file he owns but to disallow him from
overwriting it.

So either highscore files are created owned by root at the installation of the
game and there is no reason to have the directory writable by games, or they
are created by the first user who plays the game and then they should be in a 770
(or 774) directory.

I dearly hope Debian maintainers of packages with set[ug]id binaries know this, or
at least understand it when they read it in the Debian policy.

Best regards,

--
Bill.
<ballombe@debian.org>
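
Added example, not part of the original message: a small Python audit of the rule discussed in this thread, flagging score files that a normal user owns inside a directory that same user can search. The function names, gid 60 and uid 1000 are constructed for illustration, and the audit assumes file owners are not members of the directory's group.

```python
import os
import stat

def owner_can_overwrite(dir_mode, dir_uid, dir_gid, file_uid, owner_gids=()):
    """Can the non-root owner of a score file reach it outside the setgid game?

    An owner can always chmod and rewrite their own file once they can open
    its path, and that needs search (x) permission on the directory.
    """
    if file_uid == 0:
        return False  # created by root at install time: no user owns it
    if file_uid == dir_uid:
        return bool(dir_mode & stat.S_IXUSR)
    if dir_gid in owner_gids:
        return bool(dir_mode & stat.S_IXGRP)
    return bool(dir_mode & stat.S_IXOTH)

def audit(root="/var/games"):
    """List (path, owner uid, directory mode) for user-owned score files that
    their owner can reach. Assumes owners are not in the directory's group
    and that `root` itself is world-searchable."""
    findings = []
    for pkg in os.scandir(root):
        if not pkg.is_dir(follow_symlinks=False):
            continue
        d = pkg.stat(follow_symlinks=False)
        for f in os.scandir(pkg.path):
            if not f.is_file(follow_symlinks=False):
                continue
            s = f.stat(follow_symlinks=False)
            if owner_can_overwrite(d.st_mode, d.st_uid, d.st_gid, s.st_uid):
                findings.append((f.path, s.st_uid, oct(stat.S_IMODE(d.st_mode))))
    return findings

if __name__ == "__main__":
    # Constructed cases: directory root:games (gid 60), file owned by uid 1000.
    for mode in (0o775, 0o774, 0o770):
        print(oct(mode), owner_can_overwrite(mode, 0, 60, 1000))
```

Mode 774 passes the check because "other" gets read but not search permission on the directory, so file names can be listed but the files cannot be opened.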


