On Thu, May 5, 2011 at 10:58, Hans de Goede <hdegoede@xxxxxxxxxx> wrote:
> With Bas' approach every game binary (or rather the sources it is built
> from) still needs to be patched to use the passed in fd, rather than trying
> to open the highscore file itself.

Correct. This is inevitable unless upstreams adopt either patch.

> As for auditing:
> 1) The highscore parsing code should still be audited in either case, since
>    someone subverting the game will still be able to write malicious content
>    to it in either case

Correct, but that still means fewer places to audit.

> 2) The rest of the code will be a simple standardized snippet directly at
>    the start of main, and once control is past this snippet all elevated
>    rights are permanently gone, see here for the snippet Fedora is using:
>    http://fedoraproject.org/wiki/SIGs/Games/Packaging

The other approach would also result in one single snippet (unless I am forgetting something)?

Richard