Jason L Tibbitts III wrote:
>>>>>> "w" == wart <wart@xxxxxxxxxx> writes:
>
> w> The first game, njam, has an in-game editor for users to create new
> w> levels. The directory where user-levels are saved is
> w> /usr/share/njam/levels.
>
> If you really want to support something like this, (and I'd argue that
> it isn't worth it) here are a couple of ideas:
>
> Save in a known place in the user's home directory and set read
> permission. Of course, to load a level, you need to know what user
> made it.
> Somehow pass the data to a small program that has the appropriate
> privileges that does nothing but move the data into place.

This is a pretty good idea. Something like 'njam-install-level' that
could also perform some sanity checks on the game data to prevent bad
data from being installed.

> w> The second game, hack (part of bsd-games), creates 'bones' files
> w> when a character dies. These bones files are later loaded and
> w> removed when other players start a game to create ghosts and
> w> treasure piles.
>
> Ugh; it is really not possible to determine the name of the bones file
> early in the process? Is there some reason it can't just be some
> random string?

The bones files are created based on the dungeon level that the user
died on. There is a maximum of one bones file per user per dungeon
level. This means that we don't know the name of the file until the
user dies, that is, until the game ends.

I found an article by David Wheeler discussing secure programming
techniques. Section 7.4 discusses minimizing privileges and is quite a
good read:

http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/minimize-privileges.html

--Mike
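
The small privileged helper discussed in this message, sketched as an added example; it is not code from njam, bsd-games, or either poster. The setgid "games" installation, the level format (printable ASCII text), the 4096-byte limit and the name rules are all assumptions made for illustration.

```c
/* njam-install-level: hypothetical setgid-"games" helper; level format is assumed. */
#include <ctype.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#define LEVEL_DIR "/usr/share/njam/levels" /* directory named in the thread */
#define MAX_LEVEL_BYTES 4096               /* assumed size limit */

/* Names are limited to [A-Za-z0-9_-], so no '/', '.' or ".." can get in. */
int valid_level_name(const char *name) {
    size_t n = strlen(name);
    if (n == 0 || n > 32) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)name[i]) && name[i] != '_' && name[i] != '-')
            return 0;
    return 1;
}

/* Sanity check for the assumed format: printable ASCII and newlines only. */
int valid_level_data(const unsigned char *buf, size_t len) {
    if (len == 0 || len > MAX_LEVEL_BYTES) return 0;
    for (size_t i = 0; i < len; i++)
        if (buf[i] != '\n' && !isprint(buf[i])) return 0;
    return 1;
}

/* Read the level from fd `in` (the caller's stdin, so no user-supplied path
 * is opened with privilege), validate it, then create dir/name. */
int install_level(int in, const char *dir, const char *name) {
    unsigned char buf[MAX_LEVEL_BYTES + 1]; /* +1 to detect oversize input */
    char path[512]; size_t len = 0; ssize_t r = 0;
    if (!valid_level_name(name)) return -1;
    while (len < sizeof buf && (r = read(in, buf + len, sizeof buf - len)) > 0)
        len += (size_t)r;
    if (r < 0 || !valid_level_data(buf, len)) return -2;
    snprintf(path, sizeof path, "%s/%s", dir, name);
    /* O_EXCL: never overwrite an existing level, never follow a symlink. */
    int out = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (out < 0) return -3;
    int ok = write(out, buf, len) == (ssize_t)len;
    if (close(out) != 0 || !ok) { unlink(path); return -4; }
    return 0;
}

int main(int argc, char **argv) {
    if (argc != 2) { fprintf(stderr, "usage: %s NAME < level\n", argv[0]); return 2; }
    return install_level(STDIN_FILENO, LEVEL_DIR, argv[1]) == 0 ? 0 : 1;
}
```

With a helper of this shape, only the helper needs write access to the shared level directory; the game binary can be installed with no special privileges.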