Mailinglist Archive: opensuse-packaging (120 mails)
| < Previous | Next > |
Re: [opensuse-packaging] Import of Fedora Packaging Guidelines
- From: Ludwig Nussel <ludwig.nussel@xxxxxxx>
- Date: Mon, 13 Jul 2009 13:37:50 +0200
- Message-id: <200907131337.50755.ludwig.nussel@xxxxxxx>
Schlomo Schapiro wrote:
That wouldn't increase security. Those games are not written with
security in mind so having access to highscore files could allow a
local attacker to do nasty things. Best way would be to have the
highscore files written via daemon.
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-packaging+help@xxxxxxxxxxxx
Ludwig Nussel wrote:
Hmm, Ludwig, what about these permissions? Are they still needed?
Well, you tell me :-) Those binaries are usually setgid games for
writing shared highscore files in /var. I'd be happy to get rid of
the setgid bits by default.
Could this not be also done via a suitable setup of the highscore directory
with
ACLs and setgid on the directory? Make it group writeable for all users and
make
sure that the default ACLs are set correctly?
That wouldn't increase security. Those games are not written with
security in mind so having access to highscore files could allow a
local attacker to do nasty things. Best way would be to have the
highscore files written via daemon.
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-packaging+help@xxxxxxxxxxxx
| < Previous | Next > |