
Re: setuid/setgid binaries contained in the Debian repository.



Gerfried Fuchs wrote:
>  I definitely hope that we don't.  Linux is a multiuser operating system
> and definitely should stay that way. If what you mean with "by default"
> would mean that users have to recompile binaries to make global score
> files work I definitely vote against it. If it can be turned on/off
> through a debconf question or otherwise quite similarly easy I might be
> convinced it might be a good idea.

I answered the above in this bit you quoted and replied to later on:

> > We ended up making it do that by default, but letting it use a global
> > score file if it is locally made setgid since it's been pretty well
> > audited by now.
> 
>  If the only thing that is needed to activate a global score is to make
> it sgid games it is IMHO acceptable, but I guess it wouldn't be that
> easy for many games, and I fear that it might give a wrong impulse....

This type of change is trivial for any game that can be converted to
per-user score files in the first place.

> > Anyway, the point is that most games need a global score file like I
> > need a third ear
> 
>  Nice for you, but don't apply your needs to all of our users and all
> the other players, thank you very much.

I need a secure system, and I think our users do too.

> > I also think it would be a good idea for policy to require all
> > setuid/gid bit grants to go through this or another list for peer
> > review, much as pre-depends are supposed to.
> 
>  This though is a good idea.
> 
>  About the impact of sgid games exploits: what could be affected other
> than the global score files and savegames?

All you have to do is crack a game to get a uid games shell. From there
you have every group games score file as your playground. You can attack
any other game on the system, feeding it malicious data over a channel
that was presumed secure and is often read with code that does very
little sanity checking. So you set up your bogus corrupted score files
and wait for some other user to run a game. Now you have a shell
belonging to some other user. Perhaps this user uses sudo...

> > [1] Multi-user game machines are not as common as they once were.
> 
>  Which is a pity, and which will be reduced even more if we go that way,
> because we disable them and especially would reduce support for them, an
> evolution that I don't like to see happen.

They are not as common because multi-user gaming has moved to the
internet. These days if you want to compete with a bunch of users the
modern way to do it is to have some sort of scoreboard on a server
somewhere.

-- 
see shy jo
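The attack chain described in the message above (a uid-games attacker plants a malformed line in a group-writable score file, and a setgid game later reads it with a parser that does little sanity checking) as an added illustration. This is example code written for this page, not code from the message or from any Debian game package: a hypothetical score-line parser in the unbounded-sscanf style beside a hardened replacement that treats the file as untrusted input. The name limit, score range, sample lines and function names are all constructed assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <stdlib.h>
#include <errno.h>

/* Hypothetical limits; a real game picks its own. */
#define NAME_MAX_LEN   15
#define SCORE_MAX      1000000L
#define LINE_MAX_LEN   128

struct score_entry {
    char name[NAME_MAX_LEN + 1];
    long score;
};

/* Before: the style of parser the message warns about. "%s" has no
 * width, so a line planted in the group-writable score file with a name
 * longer than NAME_MAX_LEN overruns name[] inside the setgid process.
 * Only ever called on a short, benign line below. */
int parse_score_unsafe(const char *line, struct score_entry *out)
{
    return sscanf(line, "%s %ld", out->name, &out->score) == 2;
}

/* After: hardened parser. Bounds the name, restricts it to [A-Za-z0-9_-],
 * requires exactly one space, accepts only unsigned decimal digits for
 * the score, range-checks it, and rejects any trailing bytes other than
 * a line terminator. Returns 1 if *out was filled, 0 if rejected. */
int parse_score_safe(const char *line, struct score_entry *out)
{
    size_t i = 0;
    const char *p = line;
    char *end;
    long v;

    if (strlen(line) >= LINE_MAX_LEN)
        return 0;
    while (*p != '\0' && !isspace((unsigned char)*p)) {
        if (i >= NAME_MAX_LEN)
            return 0;                     /* overlong name */
        if (!isalnum((unsigned char)*p) && *p != '_' && *p != '-')
            return 0;                     /* unexpected byte in name */
        out->name[i++] = *p++;
    }
    if (i == 0 || *p != ' ')
        return 0;                         /* empty name or bad separator */
    out->name[i] = '\0';
    p++;
    if (!isdigit((unsigned char)*p))
        return 0;                         /* no sign, no extra space */
    errno = 0;
    v = strtol(p, &end, 10);
    if (errno == ERANGE || v > SCORE_MAX)
        return 0;                         /* out of range */
    while (*end == '\n' || *end == '\r')
        end++;
    if (*end != '\0')
        return 0;                         /* trailing garbage after score */
    out->score = v;
    return 1;
}

/* Convenience for callers: the score on a line, or -1 if it is rejected. */
long safe_score_of(const char *line)
{
    struct score_entry e;
    return parse_score_safe(line, &e) ? e.score : -1;
}

/* Constructed sample score file: the first two lines are honest, the
 * rest are the kind of entries a uid-games attacker could plant. */
static const char *const sample_lines[] = {
    "alice 4200\n",
    "bob 3100\n",
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 99999\n",
    "eve 12; rm -rf ~\n",
    "mallory -5\n",
    "carol 99999999999\n",
};
#define SAMPLE_COUNT (sizeof sample_lines / sizeof sample_lines[0])

/* Loads the sample file with the hardened parser into out[] (at most max
 * entries) and returns how many lines were accepted. */
int load_sample_scores(struct score_entry *out, int max)
{
    int n = 0;
    for (size_t k = 0; k < SAMPLE_COUNT && n < max; k++)
        if (parse_score_safe(sample_lines[k], &out[n]))
            n++;
    return n;
}

int main(void)
{
    struct score_entry table[8], e;
    int n = load_sample_scores(table, 8);
    printf("accepted %d of %d lines\n", n, (int)SAMPLE_COUNT);
    for (int k = 0; k < n; k++)
        printf("  %-15s %ld\n", table[k].name, table[k].score);
    /* The unbounded parser is fine on a benign line... */
    if (parse_score_unsafe(sample_lines[0], &e))
        printf("unsafe parser read %s %ld\n", e.name, e.score);
    /* ...but feeding it sample_lines[2] would overflow e.name. */
    return 0;
}
```

The point of the hardened version is not any one check but the posture: a score file that is writable by group games is an attacker-controlled input to every setgid game that reads it, so it gets the same length, alphabet and range validation as data arriving over a network socket.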


