[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: setuid/setgid binaries contained in the Debian repository.

On Fri, Aug 01, 2003 at 01:56:50PM -0400, Joey Hess wrote:
> I think you can set it up so users cannot forge high scores by just
> running such a helper. Make the helper sgid scorewriter, and make the
> games setgid scoresetter

Umm... you invent a scorewriter for removing the sgui games bit? And then
you add a sgid scoresetter? I dont think this makes mch sence.

Although it is true, that sgid games exploit are a problem, because they can
be used to invade other game playing users, personally I think it is much
more important to look at the other suids first.

BUT: i realy do think each game MUST offer the non sgid option. We could
have a global question herer:

Do you want to limit gaming experiencing on your system but therefore
increase system security? If you answer yes here, no game will be installed
sgid games, and therefore you do not have shared highscores. <<yes>> <no>

  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!

Reply to: