Re: setuid/setgid binaries contained in the Debian repository.

To: debian-devel@lists.debian.org
Subject: Re: setuid/setgid binaries contained in the Debian repository.
From: Matt Zimmerman <mdz@debian.org>
Date: Fri, 1 Aug 2003 14:09:46 -0400
Message-id: <[🔎] 20030801180946.GM15502@alcor.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20030801175650.GA28679@dragon.kitenet.net>
References: <20030731173753.GA27675@uk.intasys.com> <[🔎] 20030801152140.GC15502@alcor.net> <[🔎] 20030801175650.GA28679@dragon.kitenet.net>

On Fri, Aug 01, 2003 at 01:56:50PM -0400, Joey Hess wrote:

> I think you can set it up so users cannot forge high scores by just
> running such a helper. Make the helper sgid scorewriter, and make the
> games setgid scoresetter (these names could be better). Then the helper
> would refuse to write any scores unless its real GID is scoresetter.

I considered something like this, but I dismissed it as overcomplicated for
the problem (of forging local high scores).  I'd rather decrease the overall
number of privileged programs than reorganize into a larger number of
privilege groups.  With fewer and fewer users per system these days, there
isn't usually any glory in this kind of high score anyway, and only
client/server games which are mediated by a neutral server can usefully
provide this kind of scorekeeping.

-- 
 - mdz

Reply to:

References:
- Re: setuid/setgid binaries contained in the Debian repository.
  - From: Matt Zimmerman <mdz@debian.org>
- Re: setuid/setgid binaries contained in the Debian repository.
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Re: setuid/setgid binaries contained in the Debian repository.
Next by Date: Re: [PROPOSAL] Debian Release Plan
Previous by thread: Re: setuid/setgid binaries contained in the Debian repository.
Next by thread: Re: setuid/setgid binaries contained in the Debian repository.
Index(es):
- Date
- Thread