On 05/06/2011 02:56 AM, Vitaly Magerya wrote:
>> Yes, in practice the discussed attack vector does not seem something
>> which often gets used / security bugs get filed for (*). Still I think
>> it would be good to agree on a way to best harden setgid games games,
>> esp. for the mentioned wiki page with advice for upstreams for games.
>
> If you'd ask me, "open file, drop privileges" is a sensible thing to do,
> and pushing such patches upstream is even better, because it will
> instantly offer increase in security for all the downstream users
> without any work on their part (even those who install programs manually
> will benefit).
>
> (Other security concerns, like an exploitable game being able to read
> and write all your home directory is more of a pressing matter though).

Perhaps a selinux policy could help here, at least for systems that
have selinux enabled.

--Wart