
Re: setuid/setgid binaries contained in the Debian repository.



On Mon, Aug 11, 2003 at 09:27:25AM +0200, Gerfried Fuchs wrote:

>  Yes, I've read your second reason, that saved games might impact
> the users running them. I can see that there might be buffer overflows
> in the save games that might affect the users...

There are many ways that gid games can attack users.  If a game is already
written insecurely, such that gid games can be obtained from it, it is
likely that there are other problems as well.

> > The most appropriate solution, to me, is to use centralized network servers
> > to store and compare this data, rather than local files anyway.
> 
>  These networked servers would store them "local", so it would be just
> moving the problems from the local host (for which people might or might
> not trust its users) to a networked host (for which people usually do not
> even _know_ who has access to that machine).  I don't see this as a real
> solution, do you?

Yes, I do.  The problem becomes much simpler because there is a more solid
delineation of privilege.  Given a small, simple and security-conscious
client library, and a corresponding small, simple and security-conscious
network server, the potential for security problems is far less than
slapping the setgid bit on entire games which never gave a thought to
security.

This is no immediate solution, of course, because quite some thought and
design would be required before such a thing could be written, since games
have different requirements in this area.

An immediate solution is needed, though, as we have a ton of setgid programs
in Debian that are granted this trust simply by virtue of being games, and
this trust is very often misplaced.

-- 
 - mdz


