On Thu, May 5, 2011 at 10:32, Hans de Goede <hdegoede@xxxxxxxxxx> wrote: > This approach is just as safe as yours, once > the rights have been unrevokably dropped, nothing bad can be done any > more other then what can be done through the fd. Not quite true as with Bas' approach there is exactly one binary that needs to be secured whereas with your approach every single game binary needs to be patched and audited. While I am not agreeing with the people who created a setuid-free Linux distro, it's still good practice to limit the number of binaries that are setuid. Richard _______________________________________________ games mailing list games@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/games
