Re: Save games

Jason L Tibbitts III wrote:
>>>>>> "MT" == Michael Thomas <wart@xxxxxxxxxx> writes:
> 
> MT> It's probably not as common these days as it was 10 years ago to
> MT> have multiple users per machine, but it's still something we
> MT> should cater to.
> 
> The problem is that "user can gain group games membership" and "user
> can mess with the high score tables" both show up as security
> vulnerabilities.  Frankly I don't see that any use of setgid games is
> worth the trouble.
> 

Erm,

I dunno, the way we do things currently is:
-first thing in main
-open shared highscore file r+
-drop sgid games rights

Means that it is impossible for a user to get group games membership.
Now if user can find a security hole (and I'm sure they can) then the
most damage they could do is:
-corrupt the shared scorefile in such a way that when another user
 starts the game it does something which the attacker wants with the
 rights of the other user.

So yes we have a real problem here, but if we make sure that the
highscore reading functions do proper input checking, which should be
relatively easy, we're not talking advanced math here, just a highscore
table, then the worst a user could do is:
-fill /var/games with a huge file, causing diskspace problems in a way
 he normally can't. Which can easily be fixed on a system using quotas
 by setting a quota for the games group. And on systems not using
 quotas this is irrelevant.

Regards,

Hans

