Hi,
On 09/02/2009 11:47 PM, Ryan Rix wrote:
Hans de Goede wrote:
This is a known issue with roguelikes, we've solved this for the other
roguelikes (see there spec files) by creating a group esp. for the game
and making it sgid itsowngroup and never dropping the sgid rights. This
way we strongly limit the amount of damage / attacks which can be done by
not dropping sgid, this is the best security versus usability trade off we
could come up with for rogue likes.
Regards,
Hans
Looking at the specs for nethack, ularn and rogue
(cvs.fedoraproject.org/viewvc) shows that these are simply setgid games. I
did not look at the actual code to see how they handle setgid.
They don't handle being sgid in any special way, as said: "and never dropping
the sgid rights", which is why they are given there own group to limit any
potential fall out from privilege escalation bugs in their code.
IOW no changes to their code were made to support the sgid running.
Regards,
Hans
--
Fedora-packaging mailing list
Fedora-packaging@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-packaging
