Hi, On 05/05/2011 11:04 AM, Richard Hartmann wrote: > On Thu, May 5, 2011 at 10:58, Hans de Goede<hdegoede@xxxxxxxxxx> wrote: > >> With Bas' approach every game binary (or rather the sources it is build >> from) still needs to be patches to use the passed in fd, rather then trying >> to open the highscore file itself. > > Correct. This is inevitable unless upstreams adopt either patch. > > >> As for auditing: >> 1) The highscore parsing code should still be audited in either case, since >> someone subverting the game will still be able to write malicious content >> to it in either case > > Correct, but that still means fewer places to audit. > > >> 2) The rest of the code will be a simple standardizes snippet directly at >> the start of main, and once control is passed this snippet all elevated >> rights are permanently gone, see here for the snippet Fedora is using: >> http://fedoraproject.org/wiki/SIGs/Games/Packaging > > The other approach would also result in one single snippet (unless I > am forgetting something)? Right, so from a security pov and needed patching pov both approaches are equal, except that having a special right helper also requires: -adding launcher scripts / modifying .desktop files -writing such a helper More importantly, Fedora has already been using the approach I advocate for a few years, and has patches for many games for this already and has been feeding these upstream where possible. So on one hand we have this approach which looks good on paper, and on the other hand we've this approach which looks equally good on paper, and which is actually implemented already for a lot of games. Which to me makes it really easy to decided which approach to choose. Regards, Hans _______________________________________________ games mailing list games@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/games
