[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: setuid/setgid binaries contained in the Debian repository.



On Sun, Aug 10, 2003 at 10:26:04PM +0200, Gerfried Fuchs wrote:

>  :-(  I see this as a loss. One of the cool features about linux games is
>  the ability to compare to and compete with other users. I definitely hope
>  that this will not work out.

I have nothing against global score files per se, but the current method is
fraught with security problems, and it should be done differently.

> > I also think it would be a good idea for policy to require all
> > setuid/gid bit grants to go through this or another list for peer
> > review, much as pre-depends are supposed to.
> 
>  This though is a good idea.
> 
>  About the impacts of sgid games exploits: What would be able different
>  than to affect the global scorefiles and safegames?

Read the previous messages in this thread.  The games run with the uid of
the invoking user, so if the user is able to gain control of the game (for
example due to a packaging error as with nethack, or by being able to modify
saved games and score files which the program reads and trusts), then this
provides a method by which to attack other users on the system and gain
their privileges.

> > [1] Multi-user game machines are not as common as they once were.
> 
>  Which is a pity, and which will be reduced even more if we go that way
> because we disable them and especially would reduce support for them, a
> evolution that I don't like to see to happen.

The most appropriate solution, to me, is to use centralized network servers
to store and compare this data, rather than local files anyway.

-- 
 - mdz



Reply to: