
Re: Bug#380914: help with python transition in pyracerz game



On Wed, Sep 06, 2006 at 06:49:42PM -0300, Jose Carlos Medeiros wrote:

> I updated the package, but before uploading it, I would like to solve this
> file permissions problem.

> Well, DSFG says that we cannot put a chmod 77 in a /var/games/* file, so
> to solve this I set suid to group games and put /var/games/..file.conf
> in the games group.

> With binary packages I haven't problems, but as pyRacerz is
> interpreted using python, setting suid on the pyracerz script does not work :(

> I couldnt this in just 2 solutions.
> 1 - chmod 777 /var/games/pyracerz/pyracerz.conf

> or

> 2 - set suid to python executable.

> I don't need to say that the second option is out of the question :)

The first even more so; it allows users to bypass system quotas and, in
theory, can lead to exploitable security holes when pyracerz reads the file.
(I can't find any such security holes in the pyracerz code *presently*,
FWIW, but that does NOT make it ok to create a world-writable file!)

> This file must be in /var/games, because all users on the same PC can see
> history etc.    And if I put this file in the user's home, just this
> user will read this file.

Then you need to figure out how to make an sgid games pyracerz binary.  The
first solution that suggests itself to me is a small sgid wrapper written in
C that does nothing except change gid and execute the python program.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/


