Re: /var/games/package must be 770
On Fri, 1 Mar 2002 15:04, Bill Allombert wrote:
> When you run a setgid binary you still own the files you create. When you
> own a file you overwrite it *unless* it is in a directory you can not chdir
> in.
>
> There is no way to allow a user to read a file he owns but to disallow him
> to overwrite it.
>
> So either highscore files are created owned by root at the installation of
> the game and there is no reason to have the directory writable by games,
> or they are created by the first user who plays the game and then they
> should be in a 770 (or 774) directory.

For best possible operation the file should have been created as root-owned.
If a previous version of the game didn't do that then the file should be
chown()'d to root to correct this.

Only if the game is creating new files all the time will it be necessary to
have the directory mode 770.

The benefit of having the file owned by root instead of by the user is in
systems that have quotas enabled. Consider the case where the user runs out
of disk space but can't free any space because it's taken up by files in
directories they can't read. Also consider the case where the quotas of user
A (who owns the file) prevent user B from playing the game because the file
can't be extended (could be a DOS attack against high score files - do
"cat /dev/zero > ~/big-file" in your .logout to stop someone from beating
your high score).

--
If you send email to me or to a mailing list that I use which has >4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.
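
An audit for the situation discussed in this thread, as an added example that is not part of the original message: it lists score files that are not owned by root (and are therefore charged to some user's quota) and flags a score directory that grants any access to "other" (that is, is looser than 770). The function name, output labels and the example path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a shared high-score directory.
# audit_score_dir DIR [OWNER]
#   DIR   - score directory, e.g. /var/games/<package> (placeholder path)
#   OWNER - user name or numeric uid that should own the files (default root)
# Prints one finding per line and nothing when the directory is clean.
audit_score_dir() {
    dir=$1
    owner=${2:-root}

    [ -d "$dir" ] || { echo "ERROR $dir is not a directory"; return 2; }

    # A score file owned by an ordinary user counts against that user's
    # quota, and once that quota is full nobody can extend the file.
    # Report the owning uid and size so the fix (chown to root) is obvious.
    find "$dir" -type f ! -user "$owner" -exec sh -c '
        set -f    # no globbing while splitting the ls output
        for f do
            # subshell keeps set -- from touching the loop arguments
            ( set -- $(ls -ldn "$f")    # $3 = numeric owner, $5 = bytes
              printf "USER-OWNED uid=%s bytes=%s %s\n" "$3" "$5" "$f" )
        done' sh {} +

    # Mode 770 gives "other" no access at all. -prune tests only the
    # directory itself; any r, w or x bit for "other" is reported.
    find "$dir" -prune \( -perm -001 -o -perm -002 -o -perm -004 \) \
        -exec printf 'DIR-OPEN %s\n' {} +

    return 0
}

# Stand-alone use: sh audit.sh /var/games/<package>
if [ "$#" -gt 0 ]; then
    audit_score_dir "$@"
fi
```

Run it as root, or as a member of the games group, so that a 770 directory can be traversed at all.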