
Re: setuid/setgid binaries contained in the Debian repository.



* Matt Zimmerman <mdz@debian.org> [2003-08-10 19:23]:
> On Sun, Aug 10, 2003 at 10:26:04PM +0200, Gerfried Fuchs wrote:
>>  About the impacts of sgid games exploits: What would they be able to do
>>  other than affect the global scorefiles and savegames?
> 
> Read the previous messages in this thread.  The games run with the uid of
> the invoking user, so if the user is able to gain control of the game (for
> example due to a packaging error as with nethack, or by being able to modify
> saved games and score files which the program reads and trusts), then this
> provides a method by which to attack other users on the system and gain
> their privileges.

 Ah, I see, thanks.  I've scanned the thread but haven't found anything
as clear as this. So, we are cutting the users because the packaging person
made a serious mistake? Good idea  :/

 Yes, I've read your second reason, that saved games might impact
the users running them. I can see that there might be buffer overflows
in the saved games that might affect the users...

> The most appropriate solution, to me, is to use centralized network servers
> to store and compare this data, rather than local files anyway.

 These networked servers would store them "locally", so it would be just
moving the problems from the local host (for which people might or might
not trust its users) to a networked host (for which people usually do not
even _know_ who has access to that machine).  I don't see this as a real
solution, do you?

 So long,
Alfie
-- 
It is generally useful for programs to be able to query which languages the
user can understand.  And most users (except for the French and USA'ans) _can_
understand more than one language.
              -- Jacob Sparre Andersen in http://bugs.kde.org/db/19/19831.html
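The thread's point is that a setgid game reads score and save files that any member of the games group can write, so an overlong or malformed record in such a file becomes input to code running under another user's uid. The parser below is an added example (not code from this thread, from Debian, or from any game package) showing the bounds-checked handling that closes that avenue: the record format ("name points" per line, names of at most NAME_MAX_LEN printable characters) and the sample score file are constructed for illustration. The unsafe pattern it replaces is the classic `sscanf(line, "%s %ld", name, &points)` into a fixed-size `name` buffer, which copies however many bytes the file contains.

```c
/* Added example: a bounds-checked parser for a games score file.
 * Assumption: records are "name<space>points" lines; the format and the
 * sample data below are constructed for illustration. */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_MAX_LEN 31          /* longest player name we will accept */

struct score {
    char name[NAME_MAX_LEN + 1];
    long points;
};

/* Parse one record. The file is writable by every member of the games
 * group, so every field is treated as untrusted: the name is length-checked
 * before it is copied, restricted to printable characters (it is later
 * shown to other users), and the points field must be a complete,
 * non-negative, in-range number. Returns 1 on success, 0 if rejected. */
int parse_score_line(const char *line, struct score *out)
{
    const char *sep = strchr(line, ' ');
    if (sep == NULL) return 0;
    size_t name_len = (size_t)(sep - line);
    if (name_len == 0 || name_len > NAME_MAX_LEN) return 0;
    for (size_t i = 0; i < name_len; i++)
        if (!isprint((unsigned char)line[i])) return 0;

    errno = 0;
    char *end;
    long points = strtol(sep + 1, &end, 10);
    if (end == sep + 1 || errno == ERANGE) return 0;
    if (*end != '\0' && *end != '\n') return 0;
    if (points < 0) return 0;

    memcpy(out->name, line, name_len);   /* length already verified */
    out->name[name_len] = '\0';
    out->points = points;
    return 1;
}

/* Parse a whole score file held in memory. Malformed records are skipped
 * rather than aborting, so one corrupt line cannot deny the scoreboard to
 * everyone. Returns the number of records stored in out[]. */
size_t load_scores(const char *text, struct score *out, size_t max)
{
    size_t n = 0;
    const char *p = text;
    while (*p != '\0' && n < max) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[512];
        if (len < sizeof line) {          /* oversize lines are dropped */
            memcpy(line, p, len);
            line[len] = '\0';
            if (parse_score_line(line, &out[n])) n++;
        }
        p = nl ? nl + 1 : p + len;
    }
    return n;
}

/* Constructed sample: two valid records, one overlong name (would overflow
 * a 32-byte buffer under "%s"), one record with a non-numeric score. */
static const char SAMPLE_SCOREFILE[] =
    "alice 1200\n"
    "bob 950\n"
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 1\n"
    "mallory 12x3\n";

int main(void)
{
    struct score scores[16];
    size_t n = load_scores(SAMPLE_SCOREFILE, scores, 16);
    for (size_t i = 0; i < n; i++)
        printf("%-31s %ld\n", scores[i].name, scores[i].points);
    return 0;
}
```

Running it prints only the alice and bob records; the two bad lines are discarded without touching any buffer beyond its bounds. Validating the file is only one half of the defence the thread discusses: the other is that a setgid game should drop its group privilege as soon as the score file is open, so that whatever the game does with the data afterwards runs with the invoking user's rights alone.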