[Bug 219972] Review Request: poker-network - A poker server, client and abstract user interface library

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Review Request: poker-network - A poker server, client and abstract user interface library
Alias: poker-network

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219972





------- Additional Comments From wart@xxxxxxxxxx  2007-01-24 18:29 EST -------
(In reply to comment #53)
> > MUSTFIX
> > * Create a 'poker' user for running the server for better security
> 
> I used user "games" instead.

Better to use a custom user account and not the overloaded 'games' account. 
This helps prevent a security breach from one game using the 'games' account
from compromising other games using the 'games' account.  This will require
using 'useradd' in the %pre scriptlet.

> > * Add selinux policies to poker-server for better security
> 
> Need help from you on this.

I'm working on it...

> > * Use double quotes around the sed regsub pattern to avoid potential
> >   problems if %{python_sitelib} were to ever contain a space.
> 
> There already are double quotes around this path in the init file.

But the sed command itself would fail if %{python_sitelib} contained a space,
unless you surround the regsub pattern with double-quotes.

> > NOTES and Questions
> > ===================
> > * Why does the package contain a x509 certificate for 'webmaster@localhost'?
> > 
> 
> 09:38:57       XulChris | dachary: reviewer wants to know: "Why does the package
> contain a x509 certificate for 'webmaster@localhost'?"
> 09:38:57        dachary |  :-)
> 09:39:12        dachary |  for the SSL conx to the poker server
> 09:39:46       XulChris | dachary: i dont know anything about x509 certificates,
> but what if you dont have a webmaster user name or use "localhost"?
> 09:40:12        dachary |  it's a self signed certificate
> 09:40:21        dachary |  the email does not matter much
> 09:40:33       XulChris | so its nothing i have to generate at build time then?
> 09:40:41        dachary |  it's a place holder that must be replaced if you're
> serious about security
> 09:40:47        dachary |  no

I suspected it was something like this.  poker-server admins should be aware
that using the default x509 cert provides no security at all, since everyone has
access to the certificate's private key.  Please document this in README.Fedora.

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

_______________________________________________
Fedora-package-review mailing list
Fedora-package-review@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-package-review

[Index of Archives]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]