[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: person playing wesnoth as root

On Thu, Dec 06, 2007 at 09:56:59AM -0500, Douglas A. Tutty wrote:
> I don't have previous threads stored on my box, so I can't link this
> into the right thread.
> There was a thread in the last few days from someone who felt that they
> need to run the westnoth game as root to access some kind of
> framebuffer.
> As a concrete example of why this should be avoided, I note today's
> security announcement on the game that there is a bug which allows an
> attacker to read any file to which the user running the game has access.
> Some attacker could have read the shadow-password file (heh, the whole
> /etc), crack all the passwords, and just be waiting for ssh to open port
> 22.  Pubkey wouldn't help since they'd also have read your ~/.ssh/
> Doug.

I figured out my problem and fixed it actually, and I stopped running
everything through sudo. The only things I use sudo for now is iptables,
halt and reboot (So that I don't have to type a password just to use

Thanks for the heads up though, very much appreciated.

If programmers deserve to be rewarded for creating innovative
programs, by the same token they deserve to be punished if they
restrict the use of these programs. 
 - Richard Stallman

Attachment: signature.asc
Description: Digital signature

Reply to: