* Matt Zimmerman <mdz@debian.org> [2003-08-10 19:23]:
> On Sun, Aug 10, 2003 at 10:26:04PM +0200, Gerfried Fuchs wrote:
>> About the impacts of sgid games exploits: What would be able different
>> than to affect the global scorefiles and safegames?
>
> Read the previous messages in this thread. The games run with the uid of
> the invoking user, so if the user is able to gain control of the game (for
> example due to a packaging error as with nethack, or by being able to modify
> saved games and score files which the program reads and trusts), then this
> provides a method by which to attack other users on the system and gain
> their privileges.

Ah, I see, thanks. I've scanned the thread but haven't found anything as clear as this. So, we are cutting the users because the packaging person did make a serious mistake? Good idea :/

Yes, I've read your second reason about that saved games might impact the users running them. I can see that there might be buffer overflows in the save games that might affect the users...

> The most appropriate solution, to me, is to use centralized network servers
> to store and compare this data, rather than local files anyway.

These networked servers would store them "local", so it would be just moving the problems from the local host (for which people might or might not trust its users) to a networked host (for which people usually do not even _know_ who has access to that machine). I don't see this as a real solution, do you?

So long,
Alfie
-- 
It is generally useful for programs to be able to query which languages the user can understand. And most users (except for the French and USA'ans) _can_ understand more than one language.
  -- Jacob Sparre Andersen in http://bugs.kde.org/db/19/19831.html