* Joey Hess <joeyh@debian.org> [2003-07-31 17:00]:
> Steve Kemp wrote:
>> A long time ago[1] I asked if there was a list of all the setuid/setgid
>> binaries contained in the previous Debian stable release.
>>
>> http://www.steve.org.uk/cgi-bin/debian/index.cgi
>
> I'd like to see us move all of our setgid games (except, perhaps,
> nethack) away from using global score files by default.

I definitely hope that we don't. Linux is a multiuser operating system
and definitely should stay that way. If what you mean with "by default"
would mean that users have to recompile binaries to make global score
files work I definitely vote against it. If it can be turned on/off
through a debconf question or otherwise quite similarly easy I might be
convinced it might be a good idea. Taking away multiuser capabilities
though is a BAD idea...

> After several bad experiences with xbl (DSA-345, DSA-327), I
> suggested to its author that it be changed to use a score file in the
> player's home directory.

:-( I see this as a loss. One of the cool features about Linux games
is the ability to compare to and compete with other users. I definitely
hope that this will not work out.

> We ended up making it do that by default, but letting it use a global
> score file if it is locally made setgid since it's been pretty well
> audited by now.

If the only thing that is needed to activate a global score is to make
it sgid games it is IMHO acceptable, but I guess it wouldn't be that
easy for many games, and I fear that it might give a wrong impulse....

> Anyway, the point is that most games need a global score file like I
> need a third ear

Nice for you, but don't apply your needs to all of our users and all
the other players, thank you very much.

> I also think it would be a good idea for policy to require all
> setuid/gid bit grants to go through this or another list for peer
> review, much as pre-depends are supposed to.

This though is a good idea.

About the impacts of sgid games exploits: What would they be able to do
other than to affect the global scorefiles and savegames?

> [1] Multi-user game machines are not as common as they once were.

Which is a pity, and which will be reduced even more if we go that way
because we disable them and especially would reduce support for them,
an evolution that I don't like to see happen.

So long!
Alfie
-- 
To err is human, to moo bovine.
                                -- unknown