Re: setuid/setgid binaries contained in the Debian repository.
On Monday 11 August 2003 01:23, Matt Zimmerman wrote:
> The most appropriate solution, to me, is to use centralized network servers
> to store and compare this data, rather than local files anyway.
Some kind of centralized instance has to be used, and sgid is the poor man's
approach of doing this.
It doesn't have to deal with the data in every case though, as the concept of
authentication servers does exist.
Out of all multiplayer games, most simply require a game server "somewhere on
the net" these days (peer-to-peer gaming implied), and those that don't can
again be divided into split-screen play and the classic way of sharing just
the highscore file.
The latter group could be satisfied with one of the more advanced access
control mechanisms, of whose none is enabled by default on any Linux or BSD
system, unfortunately. We have ACLs, role models, privacy models,
personalities, trustees, capabilities, jails and whatnot, but we don't use
them, so the problem is not going away anytime soon.
Just yesterday I tried to implement running untrusted code dynamically on a
game server. No way on unpatched systems. Thus, game developers can and will
unlikely be persuaded to invest lots of time into security if the surrounding
framework lacks features which have been available for years, yet cannot be
used because rwxrwxrwx rules.
Josef
--
Play for fun, win for freedom.
Linux-Info-Tag Dresden 2003: http://www.linux-dresden.de
Reply to: