
Re: KDE and security



On Wednesday 06 November 2002 13:55, Russell Coker wrote:
> I think that these files should be created in a subdirectory so that they
> can be easily tracked, controlled, and removed when not needed.

Should be doable.

> One problem I am currently dealing with is that I want to run games under a
> different context that is denied read access to regular files (so a game
> can't send my private data over the net if cracked) and given read-only
> access to its config files.

Oh come on.
Some KDE games use KIO to transmit highscores and load/update level files.
Some games use general data such as in /usr/share/trans (and all sorts of 
dictionaries).
In the not-too-distant future, there will be gaming services spawning 
sandboxes on their own for each launched game type (which is currently hard 
to do on Linux when being non-root, unfortunately - 1:0 for the Hurd here ;).
Some scan for available wallpapers, or media content of other games, at 
runtime (which, via KStandardDirs, can be global or local data, mixed 
transparently).

> For /tmp/ksocket-user and /tmp/.ICE-unix, will KDE use an environment
> variable for specifying the tmp directory?  If so it shouldn't be difficult
> to solve this.  Also what is the point of the .ICE-unix directory anyway?

I've got this one in my startup scripts:
    mkdir /tmp/.ICE-unix
    chmod 1777 /tmp/.ICE-unix
If not doing this, ICE (X11) would create it on its own and decide to sleep() 
(no joke, seen on a Gnome list some time ago).

> But the .DCOPserver* files are a more serious problem.  IMHO the core code
> should be changed to put them somewhere more appropriate.  I'd be happy to
> offer a patch if someone's interested in merging it (either in Debian
> packages or upstream).

If it's a security problem, a Debian-specific solution is not better than no 
solution at all.

Josef

-- 
Free operating systems. Free software. Free games.
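
The two startup commands from the message above, as an added example that is not part of the original post: a checked, idempotent version that refuses to touch a symlink, a non-directory, or a directory with an unexpected owner, and confirms the resulting mode. The function name `ensure_ice_dir` and its arguments are hypothetical, and GNU or BusyBox `stat -c` is assumed.

```shell
#!/bin/sh
# ensure_ice_dir [DIR] [UID]   (hypothetical helper, not from the post)
#   DIR defaults to /tmp/.ICE-unix, UID to 0 (root, as in a boot script).
ensure_ice_dir() {
    dir=${1:-/tmp/.ICE-unix}
    want_uid=${2:-0}

    # chmod follows symlinks, so a link here would change some other path.
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symlink" >&2
        return 1
    fi

    if [ -e "$dir" ]; then
        if [ ! -d "$dir" ]; then
            echo "refusing: $dir exists and is not a directory" >&2
            return 1
        fi
    else
        # Plain mkdir (no -p) fails if the path appears in the meantime.
        mkdir "$dir" || return 1
    fi

    # A directory somebody else created first keeps their ownership.
    owner=$(stat -c %u "$dir") || return 1
    if [ "$owner" != "$want_uid" ]; then
        echo "refusing: $dir is owned by uid $owner, expected $want_uid" >&2
        return 1
    fi

    # World-writable with the sticky bit, as in the original two commands.
    chmod 1777 "$dir" || return 1
    [ "$(stat -c %a "$dir")" = "1777" ]
}
```

Called with no arguments from a root startup script it acts on /tmp/.ICE-unix; a non-zero return means the directory was left alone and should be inspected by hand.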


